A recently discovered vulnerability in ChatGPT (CVE-2024-27564) is being actively exploited by attackers. This server-side request forgery flaw allows cybercriminals to redirect users to malicious URLs, which can lead to a variety of attack types. Over 10,000 exploit attempts were recorded in just one week, many targeting financial institutions, government, and healthcare organizations.
The vulnerability, identified by Veriti researchers, stems from ChatGPT’s infrastructure and affects certain firewall configurations, particularly intrusion prevention systems and web application firewalls. Financial organizations, which rely on artificial intelligence-driven services, are primary targets due to the potential for unauthorized transactions or data breaches. While the vulnerability was initially rated as medium risk, its active exploitation highlights the real-world danger posed by even small flaws.
Security teams are urged to check firewall and system configurations, monitor logs for suspicious activity, and prioritize addressing AI-related security gaps to mitigate this growing threat. For more information, refer to the Dark Reading article.