CVE-2025-43714: The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering the
medium · vulnerability · LLM-Specific
security
Summary
ChatGPT through March 30, 2025, renders SVG documents (scalable vector graphics, a type of image format) directly in web browsers instead of displaying them as plain text, which allows attackers to inject HTML (the code that structures web pages) and potentially trick users through phishing attacks.
Vulnerability Details
CVSS Score
6.5 (medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Prompt Injection
Attack Sophistication
Trivial
Impact (CIA+S)
integrity
AI Component Targeted
API
Affected Vendors
OpenAI
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-43714
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 85%