AI description
CVE-2025-43714 is a vulnerability in the ChatGPT system that stems from its handling of SVG (Scalable Vector Graphics) documents. Specifically, ChatGPT performs inline rendering of SVG documents instead of treating the code as text (for example, rendering it inside a code block). This behavior, present up to March 30, 2025, enables HTML injection within modern web browsers. Attackers can exploit this vulnerability by embedding malicious SVG files within shared conversations. These SVG files can contain embedded JavaScript that executes when the image is rendered, potentially leading to cross-site scripting (XSS) attacks. This could allow unauthorized script execution, potentially compromising user sessions, stealing sensitive information, or performing unauthorized actions within the web application.
- Description: The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 2.5
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity: MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-77
- Hype score: Not currently trending
🚨 A new vulnerability in @ChatGPTapp, tracked as CVE-2025-43714, allows malicious code to be executed through SVG images displayed inside conversations. Its consequences go beyond the security side to include health effects
@cyberscastx
21 May 2025
1155 Impressions
3 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
There is a new Stored XSS vulnerability in ChatGPT, because of which they temporarily stopped conversation sharing. The vulnerability allows SVG or images inside code to be displayed, and the site actually renders them instead of showing them as text. CVE-2025-437
@MarwanCYS
21 May 2025
3032 Impressions
1 Retweet
21 Likes
9 Bookmarks
0 Replies
0 Quotes
🛠️ Technical Details A critical vulnerability, CVE-2025-43714, has been identified in ChatGPT, allowing attackers to embed malicious SVG (Scalable Vector Graphics) files into shared conversations. Need help? https://t.co/BLjQF3JlQW https://t.co/Ri8DAn2P3H
@SecurityJoes
21 May 2025
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical #ChatGPT vulnerability (CVE-2025-43714) allows embedding of malicious SVGs in shared chats, enabling phishing attacks and harmful content. Users, stay vigilant! #CyberSecurity #AI https://t.co/ButtVsjVjl
@dailytechonx
20 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
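ChatGPT had a vulnerability that allowed malicious SVGs and images to be embedded in shared chats. CVE-2025-43714 is an issue where SVG code inside a code block was mistakenly rendered, and it could be used for XSS. The vulnerability existed until 3/30. https://t.co/z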
@__kokumoto
20 May 2025
1093 Impressions
4 Retweets
14 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 New #ChatGPT vulnerability (CVE-2025-43714) exposes users to #malicious SVG-based XSS attacks via shared chats. Stay cautious & secure. Read More: https://t.co/ciLIxOC7MN #CyberSecurity #XSS #CVE202543714 #Canada #CanadaCyberAwareness https://t.co/pVuDHJqrFS
@FindSecCyber
20 May 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
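A serious vulnerability (CVE-2025-43714) that allows malicious code to be embedded through SVG images was discovered in ChatGPT through March 30, 2025. SVG is a format that can contain HTML and JavaScript, and code that should normally be displayed as text C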
@yousukezan
20 May 2025
415 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-43714 The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables … https://t.co/oDDEExTH7k
@CVEnew
19 May 2025
275 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes