Search criteria
3 vulnerabilities found for chatgpt by openai
FKIE_CVE-2025-43714
Vulnerability from fkie_nvd - Published: 2025-05-19 15:15 - Updated: 2025-06-12 16:24
Severity ?
Summary
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openai:chatgpt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFE760A-5763-4767-87F4-D2ACA8EA214E",
"versionEndIncluding": "2025-03-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers."
},
{
"lang": "es",
"value": "El sistema ChatGPT, hasta el 30/03/2025, realiza la representaci\u00f3n en l\u00ednea de documentos SVG (en lugar de, por ejemplo, representarlos como texto dentro de un bloque de c\u00f3digo), lo que permite la inyecci\u00f3n de HTML en la mayor\u00eda de los navegadores web gr\u00e1ficos modernos."
}
],
"id": "CVE-2025-43714",
"lastModified": "2025-06-12T16:24:24.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-19T15:15:23.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-43714 (GCVE-0-2025-43714)
Vulnerability from cvelistv5 – Published: 2025-05-19 00:00 – Updated: 2025-05-19 15:50
VLAI?
Summary
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:49:22.588296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:50:23.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:44:10.755Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43714",
"datePublished": "2025-05-19T00:00:00.000Z",
"dateReserved": "2025-04-17T00:00:00.000Z",
"dateUpdated": "2025-05-19T15:50:23.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43714 (GCVE-0-2025-43714)
Vulnerability from nvd – Published: 2025-05-19 00:00 – Updated: 2025-05-19 15:50
VLAI?
Summary
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:49:22.588296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:50:23.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:44:10.755Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43714",
"datePublished": "2025-05-19T00:00:00.000Z",
"dateReserved": "2025-04-17T00:00:00.000Z",
"dateUpdated": "2025-05-19T15:50:23.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}