Darkreading.com reported that “Attackers are actively exploiting a flaw in ChatGPT that allows them to redirect users to malicious URLs from within the artificial intelligence (AI) chatbot application, with more than 10,000 exploit attempts in a week coming from a single malicious IP address.” The March 18, 2025 article entitled ” Actively Exploited ChatGPT Bug Puts Organizations at Risk” (https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk) included these comments:
Researchers from Veriti discovered the vulnerability in OpenAI’s ChatGPT infrastructure, which is tracked as CVE-2024-27564 (CVSS 6.5). So far, the flaw has not been widely reported, perhaps because it was only deemed of medium severity. This marginal-risk assessment may be misleading, however, as the flaw is proving to be on attackers’ radar screens. And of the organizations that Veriti analyzed, 35% of them were at risk because of misconfigurations in intrusion prevention systems (IPS), Web application firewalls (WAFs), and firewall settings, Veriti reported in a blog post.
A number of the cyberattacks are focused mainly in the US, where financial institutions are prime targets, the researchers added.
Bad news, but not a surprise!
First published at https://www.vogelitlaw.com/blog/chatgpt-bug-puts-many-users-at-risk