Attackers are actively exploiting a flaw in ChatGPT that redirects users to malicious URLs, with one malicious IP launching over 10,000 exploit attempts in just one week.
Researchers at Veriti identified the vulnerability in OpenAI’s ChatGPT infrastructure, assigned CVE-2024-27564 (CVSS 6.5). Despite being rated as a medium-severity risk, the flaw is already in active use by cybercriminals. Veriti’s analysis revealed that 35% of the affected organizations were exposed due to misconfigurations in intrusion prevention systems (IPS), web application firewalls (WAFs), and firewall settings.
The attacks are primarily concentrated in the United States, where financial institutions are prime targets, although organizations in Germany, Thailand, Indonesia, Colombia, and the UK have also been affected. Financial entities are particularly vulnerable because of their reliance on AI-driven services and API integrations, which can be exploited via server-side request forgery (SSRF) attacks to access internal resources or steal sensitive data. Such breaches can result in unauthorized transactions, regulatory fines, and significant reputational damage.
How CVE-2024-27564 Works
The vulnerability resides in the pictureproxy.php file of ChatGPT (commit f9f4bbc) and enables attackers to inject malicious URLs into the ChatGPT input parameters. This forces the application to make unintended requests on behalf of the attacker; a proof-of-concept demo is available on YouTube.
Veriti’s research shows that 33% of the attack attempts originated in the U.S., with Germany and Thailand each contributing 7%. The attackers targeted not only financial organizations but also government and healthcare sectors.
The Wider GenAI Risk Landscape
Since its launch in November 2023, ChatGPT has expanded the attack surface for adversaries. As organizations increasingly integrate AI into their operations, security teams are facing rising concerns over adversarial attacks on AI systems. A recent study by SentinelOne highlighted that ChatGPT can inadvertently expose data related to its instructions, history, and operating files, prompting broader questions about the security of OpenAI’s generative AI models.
Veriti has published a list of IP addresses from which the attacks on CVE-2024-27564 were initiated to aid in remediation efforts. They recommend that administrators review their IPS, WAF, and firewall configurations, and incorporate AI security gaps into their risk assessments.
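As an added example (not code from Veriti or from the affected project), the following sketch scans web access logs for requests to pictureproxy.php in which any query parameter carries an absolute URL, labels the requested destination as internal or external, and counts attempts per source address. The combined log format, the parameter name url in the sample lines, and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Source IP and request target from a combined-format access log line (assumed format).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

# Constructed sample lines (documentation IP ranges), not real attack traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F10.0.0.5%3A8080%2Fadmin HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /pictureproxy.php?url=http://127.0.0.1/ HTTP/1.1" 200 98',
    '198.51.100.9 - - [10/Mar/2025:10:00:03 +0000] "GET /pictureproxy.php?url=https://example.net/a.png HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Mar/2025:10:00:04 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024',
    '192.0.2.44 - - [10/Mar/2025:10:00:05 +0000] "GET /pictureproxy.php?id=42 HTTP/1.1" 200 300',
]

def classify(host):
    """Label the destination the proxy was asked to fetch."""
    if host == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # a hostname; resolve it separately if needed
    return "internal" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "external"

def find_proxy_url_injection(lines):
    """Return (source_ip, parameter, destination_url, label) per suspicious request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/pictureproxy.php"):
            continue
        # Check every parameter, so the result does not depend on its name.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            try:
                inner = urlsplit(value)
            except ValueError:
                continue
            if inner.scheme and inner.hostname:
                findings.append((src, name, value, classify(inner.hostname)))
    return findings

def attempts_per_source(findings):
    """Count flagged requests per source address, for comparison with a blocklist."""
    return Counter(src for src, *_ in findings)
```

Requests labelled internal are the ones that reach for resources behind the perimeter; whether external fetches are expected depends on how the proxy is used in a given deployment.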
In summary, while no vulnerability is ever too small to be exploited, the ongoing attacks on ChatGPT’s infrastructure underscore the need for organizations to remain vigilant and proactive in safeguarding their AI systems.