
ChatGPT Vulnerability Exploited Against US Government Organizations

Posted: Tue Mar 18, 2025 10:47 am
by rbc
Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in ChatGPT, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.

The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.

Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.
[...]
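
For defenders checking their own exposure, one way to look for the request pattern described above (crafted URLs in the `url` parameter of `pictureproxy.php`) in web server logs. This is an added example, not part of the original post or of Veriti's report. It assumes combined-format access logs and GET requests; the sample lines are constructed, and DNS names are not resolved.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: combined-format access log; only the client and request target are used.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses), not taken from any real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=http://127.0.0.1:8080/admin HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Mar/2025:10:01:05 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F10.0.0.5%2Fstatus HTTP/1.1" 200 98',
    '198.51.100.9 - - [18/Mar/2025:10:02:11 +0000] "GET /pictureproxy.php?url=https://images.example.com/cat.png HTTP/1.1" 200 20480',
    '198.51.100.9 - - [18/Mar/2025:10:02:30 +0000] "GET /index.php?url=http://127.0.0.1/ HTTP/1.1" 200 1024',
    '203.0.113.7 - - [18/Mar/2025:10:03:40 +0000] "GET /pictureproxy.php?url=http://169.254.169.254/ HTTP/1.1" 200 77',
]

def classify_target(raw_url):
    """Return why a proxied URL points somewhere it should not, or None."""
    try:
        parts = urlsplit(raw_url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme: %r" % parts.scheme
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "internal hostname: " + host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name; resolving it is out of scope for an offline log scan
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved:
        return "internal address: %s" % ip
    return None

def scan(lines):
    """Yield (client, proxied_url, reason) for suspicious pictureproxy.php requests."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.lower().endswith("/pictureproxy.php"):
            continue
        for raw in parse_qs(target.query).get("url", []):
            reason = classify_target(raw)
            if reason:
                yield m.group("client"), raw, reason
```

`list(scan(SAMPLE_LOG))` returns the three requests whose proxied target is a loopback, private or link-local address. A hostname that resolves to an internal address is not flagged by this offline check, so outbound traffic from the web server should be reviewed as well.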