CVE-2025-7021: Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on
mediumvulnerability
security
Summary
CVE-2025-7021 is a vulnerability in OpenAI Operator SaaS on Web where an attacker can trick users into entering sensitive information like login credentials by creating a fake fullscreen interface that mimics browser controls and hides security warnings. The attacker overlays distracting elements (such as a fake cookie consent screen) to obscure notifications and deceive users into interacting with the malicious site. This vulnerability has a CVSS score of 6.9 (MEDIUM severity).
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack SophisticationModerate
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Taxonomy References
CWE (Weakness Type)
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-7021
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%