ChatGPT SSRF bug quickly becomes a favorite attack vector

Pierluigi Paganini
March 18, 2025

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations.

Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564 (CVSS score of 6.5), in ChatGPT to target financial and government organizations in the US.

The flaw resides in pictureproxy.php and attackers could exploit the issue to inject URLs via the url parameter to trigger arbitrary requests.

“A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.” reads the advisory.

The pictureproxy.php file SSRF vulnerability is due to insufficient validation of the url parameter. Attackers can exploit this by injecting crafted URLs, leading the server to make arbitrary requests via file_get_contents.

“A Server-Side Request Forgery (SSRF) in pictureproxy.php file of [chatgpt](f9f4bbc) allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter. It should be noted that this vulnerability can be triggered without the need for authentication and is therefore more harmful.” reads the original disclosure.

“The vulnerable code is located in the pictureproxy.php file. Because the function does not perform sufficient checksumming on the url parameter, the taint is introduced from the $_GET['url'] variable into the tainted function file_get_contents , and after the file_get_contents function is executed it sends a request to the URL specified by the url parameter, eventually leading to an SSRF vulnerability.” Because the url parameter is unrestricted, it is also possible to use the server side to send requests, such as probing web services.”

Veriti researchers observed over 10K attack attempts in a week from multiple threat actors.

“Top targeted industry and geo are Government organisations in the US.” reported Veriti “35% of companies analyzed were unprotected due to misconfigured Intrusion Prevention Systems in their NextGenFirewall or WebApplicationFirewall”

Attacks also targeted financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK.

“Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations.” conclude the report. “Security teams often prioritize patching only critical and high-severity vulnerabilities. But attackers exploit whatever works, regardless of ranking. Exploitation trends change: A once-ignored vulnerability can quickly become a favorite attack vector. Automated attacks scan for weaknesses, not severity scores, and misconfigurations create easy entry points, even well secured systems remain vulnerable when IPS or WAF rules are incorrectly set.”

Below is a video PoC for this flaw published by Veriti: