CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openai:chatgpt:*:*:*:*:*:*:*:*

History

12 Jun 2025, 16:24

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-19 15:15

Updated : 2025-06-12 16:24


NVD link : CVE-2025-43714

Mitre link : CVE-2025-43714

CVE.ORG link : CVE-2025-43714


JSON object : View

Products Affected

openai

  • chatgpt
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')