CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-43714: The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code...

Description

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.

Classification

CVE ID: CVE-2025-43714

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 8.92% (scored less or equal to compared to others)

EPSS Date: 2025-06-17 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43714
https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a

Timeline

2025-05-19 15:40:16 UTC
CVE

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code...