- Description
- The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- chatgpt
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-77
- Hype score
- Not currently trending
🔴 #ChatGPT, #HTML Injection via SVG Inline Rendering, #CVE-2025-43714 (Critical) https://t.co/b6IjMnk9PB
@dailycve
12 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة جديدة في @ChatGPTapp تحمل الرمز CVE-2025-43714، تتيح تنفيذ أكواد خبيثة من خلال صور SVG تُعرض داخل المحادثات. تتجاوز تبعاتها الجانب الأمني لتشمل آثاراً صحية مح
@cyberscastx
21 May 2025
1155 Impressions
3 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
فيه ثغرة جديدة Stored XSS بـ ChatGPT بسببها وقفوا مشاركة المحادثات مؤقتًا. الثغرة تسمح بعرض SVG أو صور داخل الكود، والموقع يعرضها فعليًا بدل ما يعرضها كنص. CVE-2025-437
@MarwanCYS
21 May 2025
3032 Impressions
1 Retweet
21 Likes
9 Bookmarks
0 Replies
0 Quotes
🛠️ Technical Details A critical vulnerability, CVE-2025-43714, has been identified in ChatGPT, allowing attackers to embed malicious SVG (Scalable Vector Graphics) files into shared conversations. Need help? https://t.co/BLjQF3JlQW https://t.co/Ri8DAn2P3H
@SecurityJoes
21 May 2025
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical #ChatGPT vulnerability (CVE-2025-43714) allows embedding of malicious SVGs in shared chats, enabling phishing attacks and harmful content. Users, stay vigilant! #CyberSecurity #AI https://t.co/ButtVsjVjl
@dailytechonx
20 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ChatGPTで、共有チャットに悪性のSVGや画像を埋め込める脆弱性があった。CVE-2025-43714はコードブロック内のSVGコードが誤って描画されてしまうもので、XSSに使用可能だった。脆弱性の存在は3/30まで。 https://t.co/z
@__kokumoto
20 May 2025
1093 Impressions
4 Retweets
14 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 New #ChatGPT vulnerability (CVE-2025-43714) exposes users to #malicious SVG-based XSS attacks via shared chats. Stay cautious & secure. Read More: https://t.co/ciLIxOC7MN #CyberSecurity #XSS #CVE202543714 #Canada #CanadaCyberAwareness https://t.co/pVuDHJqrFS
@FindSecCyber
20 May 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2025年3月30日までのChatGPTに、SVG画像を通じて悪意あるコードを埋め込める重大な脆弱性(CVE-2025-43714)が発見された。 SVGはHTMLやJavaScriptを含められる形式であり、本来テキストとして表示されるべきコードがC
@yousukezan
20 May 2025
415 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-43714 The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables … https://t.co/oDDEExTH7k
@CVEnew
19 May 2025
275 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openai:chatgpt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFE760A-5763-4767-87F4-D2ACA8EA214E",
"versionEndIncluding": "2025-03-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]