OpenAI

OpenAI's infrastructure has been compromised by an SSRF vulnerability (CVE-2024-27564) in its ChatGPT application, impacting the financial sector. Attackers manipulated the 'url' parameter in the pictureproxy.php component to make arbitrary requests and extract sensitive information. Over 10,479 attack instances were recorded from a single malicious IP in one week, with the U.S. bearing 33% of these attacks. Financial institutions, especially banks and fintech firms, are reeling from consequences such as data breaches, unauthorized transactions, and reputational damage. Despite the medium CVSS score of 6.5, the flaw's extensive exploitation has caused significant concern, with about 35% of entities at risk due to security misconfigurations.

Source: https://cybersecuritynews.com/chatgpt-vulnerability-actively-exploited/

TPRM report: https://scoringcyber.rankiteo.com/company/openai

"id": "ope421031825",
"linkid": "openai",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'OpenAI',
                        'type': 'Technology Company'}],
 'attack_vector': "Manipulation of 'url' parameter in pictureproxy.php "
                  'component',
 'data_breach': {'type_of_data_compromised': 'Sensitive information'},
 'description': "OpenAI's infrastructure has been compromised by a SSRF "
                'vulnerability (CVE-2024-27564) in its ChatGPT application, '
                'impacting the financial sector. Attackers manipulated the '
                "'url' parameter within the pictureproxy.php component to make "
                'arbitrary requests and extract sensitive information. Over '
                '10,479 attack instances were noted from a single malicious IP '
                'in a week, with the U.S. bearing 33% of these attacks. '
                'Financial institutions, especially banks and fintech firms, '
                'are reeling from the consequences such as data breaches, '
                'unauthorized transactions, and reputational damage. Despite '
                "the medium CVSS score of 6.5, the flaw's extensive "
                'exploitation has caused significant concern, with about 35% '
                'of entities at risk due to security misconfigurations.',
 'impact': {'brand_reputation_impact': 'Reputational damage',
            'data_compromised': 'Sensitive information',
            'systems_affected': ['Financial institutions',
                                 'Banks',
                                 'Fintech firms']},
 'initial_access_broker': {'entry_point': 'pictureproxy.php component',
                           'high_value_targets': ['Financial institutions',
                                                  'Banks',
                                                  'Fintech firms']},
 'motivation': ['Data breaches',
                'Unauthorized transactions',
                'Reputational damage'],
 'post_incident_analysis': {'root_causes': 'Security misconfigurations'},
 'title': 'OpenAI Infrastructure Compromised by SSRF Vulnerability',
 'type': 'SSRF Vulnerability',
 'vulnerability_exploited': 'CVE-2024-27564'}