CVE-2025-43714
Published: 19 May 2025
Summary
CVE-2025-43714 is a medium-severity Command Injection (CWE-77) vulnerability in Openai Chatgpt. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 48.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the LLM/Generative AI Risks risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15742
Vulnerability details
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
- CWE(s)
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: chatgpt
Related Threats
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.