CVE-2025-43714

{"id": "CVE-2025-43714", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-05-19T15:15:23.987", "references": [{"url": "https://medium.com/@zer0dac/chatgpt-a-potential-phishing-vector-via-html-injection-bf703c79590a", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers."}, {"lang": "es", "value": "El sistema ChatGPT, hasta el 30/03/2025, realiza la representaci\u00f3n en l\u00ednea de documentos SVG (en lugar de, por ejemplo, representarlos como texto dentro de un bloque de c\u00f3digo), lo que permite la inyecci\u00f3n de HTML en la mayor\u00eda de los navegadores web gr\u00e1ficos modernos."}], "lastModified": "2025-05-21T20:25:33.823", "sourceIdentifier": "cve@mitre.org"}