ChatGPT Vulnerability: SVGs Used for Phishing Attacks Surge 245%

Abhimanyu Singh
Abhimanyu Singh

Engineering Manager

 
May 20, 2025 3 min read

ChatGPT Vulnerability

A critical security vulnerability in ChatGPT has been identified, enabling attackers to embed malicious SVG (Scalable Vector Graphics) and image files within shared conversations. This flaw, documented as CVE-2025-43714, is active until March 30, 2025. Researchers found that instead of treating SVG code as text, ChatGPT executes these elements when a chat is reopened or shared via links. This creates a stored cross-site scripting (XSS) vulnerability. The researcher, zer0dac, stated, “The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers.”

ChatGPT Vulnerability Malicious images
Image courtesy of Cybersecurity News

The implications of this vulnerability are serious, as attackers can craft messages embedded within SVG code that may look legitimate to users. SVG files can contain embedded JavaScript, which executes when the image is rendered in a browser, leading to potential phishing exploits. OpenAI has initiated mitigation efforts by disabling link-sharing features following the report of this vulnerability, but a comprehensive fix is still in development.

Payloads
Image courtesy of Cybersecurity News

Increase in SVG Phishing Payloads

The KnowBe4 Threat Research team has recorded a significant rise in the use of SVG files to obfuscate phishing payloads. In a recent analysis, they found that SVGs accounted for 6.6% of malicious attachments in phishing emails between January and March 2025, marking a 245% increase from the previous quarter. The largest spike occurred on March 4, when SVGs represented 29.5% of all malicious attachments.

Analysis of Two SVG Phishing Campaigns
Image courtesy of KnowBe4

Campaign Analysis

Two primary campaigns contributed to the increase in SVG phishing. The first campaign utilized SVG attachments with polymorphic file names, designed to appear as routine system notifications. These emails often originated from compromised accounts to evade detection. The second campaign featured “missed message” phishing emails prompting users to open attachments, which contained JavaScript that redirected users to credential harvesting sites.

Phishing attack detected by KnowBe4 Defend with malicious SVG file attachment featuring polymorphic file name.
Image courtesy of KnowBe4

Detection Challenges with SVGs

SVG files present unique challenges for cybersecurity defenses. Their XML structure can incorporate scripts that are invisible to users and certain virus scanners, making them an attractive option for cybercriminals. Traditional email security filters often overlook SVGs, as they are generally considered safe file types.

Advanced Threat Mitigation

Organizations should adopt advanced email security measures that include contextual analysis, attachment inspection, and natural language processing to distinguish between legitimate communication and phishing attempts. Implementing zero trust approaches can further enhance security by analyzing all factors surrounding email communication.

Credential harvesting website designed to steal Microsoft logins, with target’s email address prefilled.
Image courtesy of KnowBe4

GrackerAI's Role

GrackerAI offers an AI-powered cybersecurity marketing platform that helps organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI enables marketing teams to identify emerging trends and produce relevant content that resonates with cybersecurity professionals. This capability is essential in combating threats like those posed by SVG phishing attempts and ensuring timely, targeted marketing materials for cybersecurity vendors.

Explore our services or contact us at GrackerAI to leverage our tools in enhancing your cybersecurity content strategy. Visit us at https://gracker.ai.

Abhimanyu Singh
Abhimanyu Singh

Engineering Manager

 

Engineering Manager driving innovation in AI-powered SEO automation. Leads the development of systems that automatically build and maintain scalable SEO portals from Google Search Console data. Oversees the design and delivery of automation pipelines that replace traditional $360K/year content teams—aligning engineering execution with business outcomes.

Related Articles

Optimizing SEO for AI Search: Best Practices and Strategies

Bay Area, CA - Salazar Digital has developed a marketing strategy designed to excel in AI-driven search rankings. As artificial intelligence reshapes how search engines evaluate and rank content, traditional SEO methods alone are insufficient. Salazar Digital combines technical expertise, creative content strategies, and user-centric design to enhance visibility and user engagement.

By Hitesh Kumawat July 29, 2025 4 min read
Read full article

Leveraging AI Analytics for Customer Engagement and Business Growth

Customer Profitability Analysis AI Agents are transforming how businesses understand and maximize customer value. These digital teammates utilize advanced machine learning to deliver real-time insights, predict future profitability, and provide granular analysis of customer profitability. By automating complex data processing and offering actionable recommendations, they streamline what was once a labor-intensive process into a dynamic powerhouse of predictive analytics.

By Govind Kumar July 29, 2025 4 min read
Read full article

Launch of New Master’s Programs in Digital Marketing Worldwide

The University of Technology Bahrain (UTB) has launched its Master of Science in Digital Marketing program, highlighted during a ceremony attended by key figures in the education sector. Dr. Hasan Almulla, President of UTB, expressed gratitude to the Higher Education Council and emphasized the program's relevance in the rapidly evolving field of digital marketing. "The field of digital marketing is witnessing unprecedented growth, and our program is designed to keep up with this transformation," he stated.

By Ankit Lohar July 28, 2025 3 min read
Read full article

400,000 WordPress Sites at Risk: Critical Plugin Flaw Exposed

A serious vulnerability, known as CVE-2025-24000, has been identified in the Post SMTP WordPress plugin, which is utilized by over 400,000 websites. This vulnerability allows low-privileged users to take control of administrator accounts due to broken access controls in the plugin’s REST API. The flaw, rated with a CVSS score of 8.8, has been addressed in version 3.3.0 of the plugin.

By Vijay Shekhawat July 28, 2025 3 min read
Read full article