{"id":1642,"date":"2025-05-20T08:20:45","date_gmt":"2025-05-20T08:20:45","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1642"},"modified":"2025-05-20T08:20:45","modified_gmt":"2025-05-20T08:20:45","slug":"chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/","title":{"rendered":"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs &#038; Images in Shared Chats"},"content":{"rendered":"<p>A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content.<\/p>\n<p>The flaw, recently documented as CVE-2025-43714, affects the ChatGPT system through March 30, 2025.<\/p>\n<p>Security researchers identified that instead of rendering SVG code as text within code blocks, ChatGPT inappropriately executes these elements when a chat is reopened or shared through public links.<\/p>\n<p>This behavior effectively creates a stored\u00a0<a href=\"https:\/\/cybersecuritynews.com\/tag\/cross-site-scripting\/\" target=\"_blank\" rel=\"noreferrer noopener\">cross-site scripting (XSS)<\/a>\u00a0vulnerability within the popular AI platform.<\/p>\n<p>\u201cThe ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers,\u201d said the researcher with handle zer0dac.<\/p>\n<p>The security implications are significant. Attackers can craft deceptive messages embedded within SVG code that appear legitimate to unsuspecting users.<\/p>\n<p>More concerning are the potential impacts on user wellbeing, as malicious actors could create SVGs with epileptic-inducing flashing effects that may harm photosensitive individuals.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/chatgpt-vulnerability-malicious-images\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Cybersecurity News<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented as CVE-2025-43714, affects the ChatGPT system through March 30, 2025. Security researchers identified that instead [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":965,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs &amp; Images in Shared Chats - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs &amp; Images in Shared Chats - Community\" \/>\n<meta property=\"og:description\" content=\"A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented as CVE-2025-43714, affects the ChatGPT system through March 30, 2025. Security researchers identified that instead [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-20T08:20:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/\",\"name\":\"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg\",\"datePublished\":\"2025-05-20T08:20:45+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg\",\"width\":1280,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs &#038; Images in Shared Chats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/","og_locale":"en_US","og_type":"article","og_title":"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats - Community","og_description":"A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented as CVE-2025-43714, affects the ChatGPT system through March 30, 2025. Security researchers identified that instead [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-05-20T08:20:45+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/","name":"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg","datePublished":"2025-05-20T08:20:45+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/03\/chatgpt.jpg","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/chatgpt-vulnerability-lets-attackers-embed-malicious-svgs-images-in-shared-chats\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs &#038; Images in Shared Chats"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1642"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1642\/revisions"}],"predecessor-version":[{"id":1643,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1642\/revisions\/1643"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/965"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}