ChatGPT SSRF Vulnerability: A Growing Threat to U.S. Financial and Government Organizations
Discover how threat actors are exploiting a Server-Side Request Forgery (SSRF) flaw in ChatGPT to target U.S. financial and government organizations. Learn about the vulnerability, its impact, and how to mitigate risks.
TL;DR
Threat actors are exploiting a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-27564) in ChatGPT to target U.S. financial and government organizations. This flaw, located in the pictureproxy.php file, allows attackers to inject crafted URLs to trigger arbitrary requests. The flaw has been actively exploited, with over 10,000 attack attempts observed in a week.
Main Content
Threat Actors Exploit ChatGPT SSRF Vulnerability
Cybersecurity firm Veriti has reported that threat actors are actively exploiting a Server-Side Request Forgery (SSRF) vulnerability in ChatGPT. This vulnerability, tracked as CVE-2024-27564 with a CVSS score of 6.5, is being used to target financial and government organizations in the U.S. [1]
Vulnerability Details
The flaw resides in the pictureproxy.php file of the open-source chatgpt web client published by dirk1983 on GitHub (a self-hosted third-party front end for ChatGPT rather than OpenAI's own hosted service) and allows attackers to inject URLs via the url parameter to trigger arbitrary requests. According to the advisory, “A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.” [2]
The vulnerability is due to insufficient validation of the url parameter: the value is passed to PHP's file_get_contents without checking its scheme or destination host, so a crafted URL causes the server itself to issue the request. [3]
Impact and Exploitation
Veriti researchers observed over 10,000 attack attempts in a single week from multiple threat actors. The most heavily targeted sector was U.S. government organizations. Attacks have also been observed against financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK. [4]
Misconfigurations and Security Risks
The report highlights that 35% of the analyzed companies were unprotected because the Intrusion Prevention System (IPS) in their next-generation firewall (NGFW) or web application firewall (WAF) was misconfigured. This underscores the importance of proper configuration and of patching all vulnerabilities, regardless of their severity ranking. [5]
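The two defensive pieces a practitioner would want for this flaw are the validation that pictureproxy.php lacks and a way to spot exploitation attempts in web server logs when the IPS missed them. Below is an added example in Python (not code from the original post or from the dirk1983/chatgpt project): a hardened target classifier for the url parameter, and a scanner that runs it over constructed access-log lines; the allowlisted hosts and the log lines are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse
# Constructed allowlist: the only hosts an image proxy should ever fetch from.
ALLOWED_IMAGE_HOSTS = {"images.example.com", "cdn.example.net"}

def classify_target(url: str) -> str:
    """Verdict for a value bound for the proxy's url parameter; only 'allowed' gets fetched.
    The vulnerable pattern hands the raw parameter to file_get_contents(), which accepts
    any stream wrapper and any host; the non-'allowed' verdicts double as alert labels."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return "bad-scheme"  # file://, php://, data: ... never deliver a picture
    if not p.hostname or p.username is not None:
        return "malformed"  # no host, or credentials smuggled into userinfo
    host = p.hostname.lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "internal"  # loopback, RFC 1918, link-local, IPv6 ULA, ...
    except ValueError:
        pass  # named host: production code must resolve it and re-check the IP
    return "allowed" if host in ALLOWED_IMAGE_HOSTS else "unknown-host"

# Combined log format: client, identd, user, [timestamp], "request line", status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" \d{3}')

def scan_access_log(lines):
    """(client, url, verdict) for each pictureproxy.php hit a hardened proxy would refuse."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        req = urlparse(m.group("target"))
        if req.path != "/pictureproxy.php":
            continue
        for target in parse_qs(req.query).get("url", []):
            verdict = classify_target(target)
            if verdict != "allowed":
                findings.append((m.group("client"), target, verdict))
    return findings

# Constructed sample access-log lines (synthetic, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=https%3A%2F%2Fimages.example.com%2Flogo.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Mar/2025:10:01:05 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 312',
    '203.0.113.9 - - [17/Mar/2025:10:01:06 +0000] "GET /pictureproxy.php?url=file%3A%2F%2F%2Ftmp%2Fprobe.txt HTTP/1.1" 200 1844',
    '203.0.113.9 - - [17/Mar/2025:10:01:07 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 400',
]
```

`scan_access_log(SAMPLE_LOG)` flags the three requests from 203.0.113.9 and ignores the legitimate fetch from the allowlisted host; short-form IP literals and DNS names that resolve to internal addresses only get caught once the resolve-and-recheck step noted in the comment is added.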
Conclusion
The exploitation of the SSRF vulnerability in ChatGPT serves as a reminder that even medium-severity vulnerabilities can become significant attack vectors. Security teams must prioritize patching and proper configuration to mitigate such risks. Automated attacks scan for weaknesses, not severity scores, and misconfigurations create easy entry points, even for well-secured systems. [6]
Video Proof of Concept
Below is a video PoC for this flaw published by Veriti:
Follow for More Updates
Follow me on Twitter, Facebook, and Mastodon for more updates.
For more details, visit the full article: source
References
1. (2025). “ChatGPT SSRF bug quickly becomes a favorite attack vector”. Security Affairs. Retrieved 2025-03-18.
2. NVD (2024). “CVE-2024-27564”. National Vulnerability Database.
3. dirk1983 (2024). “chatgpt commit f9f4bbc”. GitHub.
4. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.
5. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.
6. Veriti (2025). “CVE-2024-27564 Actively Exploited”. Veriti Blog.