
ChatGPT SSRF Vulnerability: A Growing Threat to U.S. Financial and Government Organizations

How threat actors are exploiting a Server-Side Request Forgery (SSRF) flaw, CVE-2024-27564, in the open-source dirk1983/chatgpt project (a third-party PHP web front end for the ChatGPT API, not OpenAI's hosted service) to target U.S. financial and government organizations: what the vulnerability is, what Veriti observed in the wild, and how to mitigate the risk.


TL;DR

Threat actors are exploiting a Server-Side Request Forgery (SSRF) vulnerability, CVE-2024-27564, in the open-source dirk1983/chatgpt project (a third-party PHP web front end for the ChatGPT API, not OpenAI's hosted service). The flaw sits in pictureproxy.php, which fetches whatever URL is supplied in the url parameter without validating it, so an attacker can make the server issue arbitrary requests. Veriti observed more than 10,000 exploitation attempts in a single week.


Threat Actors Exploit ChatGPT SSRF Vulnerability

Cybersecurity firm Veriti has reported that threat actors are actively exploiting a Server-Side Request Forgery (SSRF) vulnerability in the dirk1983/chatgpt project, an open-source PHP web front end for the ChatGPT API; the flaw is in that self-hosted code, not in OpenAI's service. The vulnerability, tracked as CVE-2024-27564 with a CVSS score of 6.5 (medium), is being used to target financial and government organizations in the U.S. [1]

Vulnerability Details

The flaw resides in pictureproxy.php, a script that takes a url parameter and fetches it on the server's behalf. Because the parameter is not validated, an attacker can supply any URL and have the server request it. The NVD advisory states: “A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.” [2]

The root cause is insufficient validation of the url parameter: its value is handed to PHP's file_get_contents(), so a crafted value makes the server fetch whatever it points to. Since the request originates from the server, the attacker can reach targets that are unreachable from the outside, such as loopback services, internal network ranges, or a cloud instance's metadata endpoint. Two details matter for anyone fixing this: file_get_contents() accepts non-HTTP stream wrappers (file://, php://, and others) unless the scheme is restricted, and PHP's http:// wrapper follows redirects by default, so even an attacker-controlled external URL can redirect the server to an internal one. [3]

Impact and Exploitation

Veriti researchers observed more than 10,000 attack attempts in a single week, coming from multiple threat actors. Government organizations in the U.S. were the most-targeted sector; attacks were also observed against financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK. [4]

Misconfigurations and Security Risks

The report also notes that 35% of the analyzed companies were unprotected because the Intrusion Prevention System (IPS) in their next-generation firewall (NGFW) or web application firewall (WAF) was misconfigured. A medium CVSS score does not lower the priority of patching, nor of verifying that the signature meant to block a given flaw is actually enabled and sits in front of the vulnerable path. [5]
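The following is an added example, not code from the dirk1983/chatgpt project or from Veriti's report. It models the pictureproxy.php pattern described under Vulnerability Details (an unchecked url parameter handed to a server-side fetch), shows the check the script is missing, and reuses that same check as a log scanner for the kind of exploitation attempts discussed in the two preceding sections. The hostnames, IP answers, log lines and the offline stand-ins for DNS and for the outbound fetch are all constructed for illustration; only the file name pictureproxy.php and the parameter name url come from the advisory.

```python
# Added example, not code from the dirk1983/chatgpt project or from Veriti: a minimal model
# of the pictureproxy.php pattern behind CVE-2024-27564, a hardened replacement for the
# missing url-parameter check, and a scanner that flags exploitation attempts in access
# logs. Hostnames, addresses and log lines below are constructed for illustration.
import ipaddress
import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

Fetcher = Callable[[str], bytes]       # performs the server-side HTTP fetch
Resolver = Callable[[str], List[str]]  # hostname -> every IP string it resolves to

def vulnerable_proxy(query: Dict[str, str], fetch: Fetcher) -> bytes:
    """The flaw: whatever arrives in ?url= is fetched server-side, unchecked
    (the PHP original hands $_GET['url'] straight to file_get_contents)."""
    return fetch(query["url"])

def _is_internal(ip: str) -> bool:  # loopback, RFC 1918, link-local (169.254.169.254), ...
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge ::ffff:10.0.0.1 by its embedded IPv4 address
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def check_image_url(url: str, resolve: Resolver) -> Optional[str]:
    """None if url may be fetched server-side, otherwise the reason to refuse it."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises on a non-numeric or out-of-range port
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"  # rejects file://, php://, gopher://, data:, ...
    host = parts.hostname
    if not host:
        return "no host"
    if parts.username or parts.password:
        return "credentials in URL"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal (v4 or bracketed v6)
    except ValueError:
        try:
            addrs = resolve(host)    # a real resolver also normalises forms like 2130706433
        except OSError:
            return "unresolvable host"
    if not addrs:
        return "unresolvable host"
    for ip in addrs:                 # check every record, not only the first one
        if _is_internal(ip):
            return f"resolves to internal address {ip}"
    if port not in (None, 80, 443):
        return "port not allowed"
    return None

def hardened_proxy(query: Dict[str, str], fetch: Fetcher, resolve: Resolver) -> bytes:
    reason = check_image_url(query.get("url", ""), resolve)  # check before any fetch
    if reason is not None:
        raise PermissionError(f"refused: {reason}")
    return fetch(query["url"])

LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')

def find_ssrf_attempts(log_lines: List[str], resolve: Resolver) -> List[Tuple[str, str]]:
    """(line, reason) for entries that hit pictureproxy.php with a url= the check refuses."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group("path"))
        if not req.path.endswith("/pictureproxy.php"):
            continue
        for url in parse_qs(req.query).get("url", []):  # parse_qs percent-decodes
            reason = check_image_url(url, resolve)
            if reason is not None:
                hits.append((line, reason))
    return hits

# Constructed DNS answers; the second host "rebinds" to an internal record.
SAMPLE_DNS = {"images.example.com": ["93.184.216.34"],
              "rebind.attacker.test": ["93.184.216.35", "10.0.0.5"]}

def fake_resolve(host: str) -> List[str]:  # offline stand-in for DNS
    if host not in SAMPLE_DNS:
        raise OSError("NXDOMAIN")
    return SAMPLE_DNS[host]

def recording_fetcher(seen: List[str]) -> Fetcher:  # offline stand-in for the outbound fetch
    def fetch(url: str) -> bytes:
        seen.append(url)  # record what would have been requested
        return b"constructed response"
    return fetch

SAMPLE_LOG = [  # constructed combined-format access-log lines
    '198.51.100.7 - - [18/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Mar/2025:10:01:05 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F%5B%3A%3A1%5D%3A8080%2Fadmin HTTP/1.1" 200 88',
    '198.51.100.8 - - [18/Mar/2025:10:02:11 +0000] "GET /pictureproxy.php?url=https%3A%2F%2Fimages.example.com%2Fa.png HTTP/1.1" 200 4096',
    '198.51.100.9 - - [18/Mar/2025:10:03:40 +0000] "GET /pictureproxy.php?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 2100',
    '198.51.100.9 - - [18/Mar/2025:10:03:41 +0000] "GET /index.php HTTP/1.1" 200 1000',
]
```

Running find_ssrf_attempts(SAMPLE_LOG, fake_resolve) flags the metadata-endpoint, loopback and file:// requests and passes the benign image fetch. Two caveats for anyone porting the check back into PHP: the name is resolved once at validation time, and the fetch that follows resolves it again, so a production fix must either connect to the checked address (or re-run the check on every redirect hop) and disable automatic redirects, since file_get_contents() follows them by default; and an allowlist of the image hosts the application actually needs is stronger than any denylist of address ranges.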

Conclusion

The exploitation of this SSRF flaw is a reminder that medium-severity vulnerabilities become significant attack vectors once exploitation is automated. Automated attacks scan for exposed weaknesses, not for severity scores, and a misconfigured control is an easy entry point even in an otherwise well-secured environment. Security teams should patch the vulnerable pictureproxy.php endpoint and verify that their IPS and WAF rules are actually active for it. [6]

Video Proof of Concept

Veriti published a video proof of concept for this flaw alongside its report; the video is not reproduced in this text.


References

  1. Security Affairs (2025). “ChatGPT SSRF bug quickly becomes a favorite attack vector”. Retrieved 2025-03-18.

  2. NVD (2024). “CVE-2024-27564”. National Vulnerability Database.

  3. dirk1983 (2024). “chatgpt commit f9f4bbc”. GitHub.

  4. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.

  5. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.

  6. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.

This post is licensed under CC BY 4.0 by the author.