Exploited ChatGPT Vulnerability Poses Risks to Organizations

March 18, 2025 A server-side request forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure, tracked as CVE-2024-27564, is being actively exploited by attackers to redirect users to malicious URLs, placing organizations at significant risk.

Researchers from cybersecurity firm Veriti have identified that this medium-severity flaw allows cybercriminals to inject crafted URLs into ChatGPT’s system, compelling the application to make arbitrary requests. This exploitation can lead to unauthorized access and data breaches. Notably, over 10,000 exploit attempts were recorded within a single week from a lone malicious IP address, underscoring the vulnerability’s appeal to threat actors.

The attacks have predominantly targeted financial institutions and U.S. government organizations, highlighting the critical need for robust cybersecurity measures in these sectors. Alarmingly, Veriti’s analysis revealed that 35% of examined organizations were susceptible due to misconfigurations in intrusion prevention systems, web application firewalls, and firewall settings.

SSRF vulnerabilities enable attackers to manipulate server-side applications into making unauthorized requests to internal or external systems, potentially leading to data exposure or further system compromises. In this instance, the flaw permits adversaries to direct ChatGPT to access unintended URLs, facilitating a range of malicious activities.

 

Top Stories

Related Articles

June 26, 2026 Opposition to large-scale data centre developments tied to the artificial intelligence boom is beginning to influence U.S. more...

June 26, 2026 Ford Motor Co. turned to veteran engineers to tackle persistent vehicle quality problems after finding that artificial more...

June 22, 2026 Bell Canada has signed an artificial intelligence infrastructure agreement with Toronto-based Cohere that will see the AI more...

June 22, 2026 Artificial intelligence pioneer Yann LeCun says Elon Musk's xAI is unlikely to compete at the leading edge more...

Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com
Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn