A server-side request forgery (SSRF) vulnerability (CVE-2024-27564) affecting OpenAI’s ChatGPT infrastructure has seen over 10,479 attack attempts from a single malicious IP, per Veriti’s research. The flaw allows attackers to inject malicious URLs, causing the affected system to make unintended requests on their behalf.
Although the flaw is classified as medium severity, 35% of organizations remain vulnerable due to misconfigurations in IPS, WAF, and firewalls. Financial institutions and U.S. government agencies are prime targets, with risks including data breaches, financial fraud, regulatory penalties, and reputational damage.
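
A defender-side illustration of the pattern described above, added here and not taken from Veriti or the affected project: it scans web access-log lines for query parameters carrying URLs that point at loopback or internal addresses or use a non-HTTP scheme, and counts the hits per source IP. The log lines, the `/proxy` path and the `url` parameter name are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines; "/proxy" and "url" are hypothetical names.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /proxy?url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /proxy?url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /proxy?url=ftp%3A%2F%2Flocalhost%2F HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "GET /proxy?url=https%3A%2F%2Fexample.com%2Fa.png HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2025:10:00:04 +0000] "GET /index.html?q=hello HTTP/1.1" 200 300',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_target(value):
    """Return a reason if value is a URL a server should not fetch, else None."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return "malformed URL"
    if not parts.scheme or not parts.netloc:
        return None  # not an absolute URL, so not an SSRF candidate
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: the fetching code must also check what it resolves to
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified:
        return "internal address"
    return None

def flag_attempts(lines):
    """Count requests per source IP that carry a suspicious URL in any query parameter."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, target = m.groups()
        # parse_qsl percent-decodes values, so encoded URLs are compared in decoded form
        if any(suspicious_target(v) for _, v in parse_qsl(urlsplit(target).query)):
            hits[src] += 1
    return hits
```

A source IP with a high count is a candidate for blocking at the WAF or firewall; the same `suspicious_target` check belongs in the application before any server-side fetch.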