OpenAI's infrastructure has been compromised through an SSRF vulnerability (CVE-2024-27564) in its ChatGPT application, impacting the financial sector. Attackers manipulated the 'url' parameter of the pictureproxy.php component to make arbitrary requests and extract sensitive information. Over 10,479 attack instances were noted from a single malicious IP in one week, with the U.S. bearing 33% of these attacks. Financial institutions, especially banks and fintech firms, are facing consequences such as data breaches, unauthorized transactions, and reputational damage. Despite the medium CVSS score of 6.5, the flaw's extensive exploitation has caused significant concern, with about 35% of entities at risk due to security misconfigurations.
Source: https://cybersecuritynews.com/chatgpt-vulnerability-actively-exploited/
"id": "ope421031825",
"linkid": "openai",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"