Threat Bulletin

Blackwell Helix Threat Bulletin: ChatGPT SSRF Vulnerability (CVE-2024-27564) Exploited in Healthcare Attacks

By: Seth Feldman
March 21, 2025
threatbulletinheader

Key Alert:

A Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-27564, previously discovered in ChatGPT’s infrastructure, has recently been seen in attacks on the healthcare industry. This flaw allows attackers to inject malicious URLs, compelling the application to make arbitrary requests. Cyber threat actors have exploited this vulnerability, launching over 10,000 attacks globally, with healthcare organizations among the primary targets.

Threat Overview:

CVE-2024-27564 is an SSRF vulnerability located in the pictureproxy.php component of ChatGPT’s codebase and does not require authentication to be exploited. By injecting crafted URLs into the url parameter, attackers can manipulate the application to initiate unauthorized requests, leading to unauthorized data access, internal network scanning, local file inclusion, and further infiltration into sensitive systems.

Key aspects include:

  • Attack Vector: Remote exploitation through crafted URL injection into ChatGPT’s pictureproxy.php.
  • Targeted Systems: ChatGPT implementations within healthcare environments, particularly those integrated into clinical workflows and data management systems.
  • Notable Characteristics: Active exploitation in the wild, with over 10,000 attack attempts observed globally, affecting financial institutions, healthcare, and government organizations.

Current Threat Landscape:

Although CVE-2024-27564 was initially identified in 2024, no known patch exists as of this post, and recent threat intelligence confirms that cyber adversaries continue to exploit ChatGPT implementations in healthcare environments. This ongoing activity underscores threat actors’ persistence and resourcefulness, capitalizing on legacy vulnerabilities and outdated deployments. This threat underscores the urgent need for healthcare organizations to reexamine their security measures and deploy compensating controls while awaiting an official fix.

Healthcare Impacts:

  • Data Breaches: Unauthorized access to Protected Health Information (PHI) could result in significant privacy violations and HIPAA non-compliance.
  • Operational Disruptions: Exploitation may lead to system downtimes, affecting critical healthcare services such as Electronic Health Records (EHR) systems and telemedicine platforms.
  • Financial and Reputational Damage: Breaches can lead to substantial financial penalties and erosion of patient trust.

Exploitation Method:

Attackers exploit this vulnerability by injecting malicious URLs into the url parameter of the pictureproxy.php script in ChatGPT. This SSRF flaw forces the application to make arbitrary requests, potentially accessing internal resources and sensitive data.

Affected Products and Versions:

  • ChatGPT Implementations: All versions utilizing the vulnerable pictureproxy.php component.

Indicators of Compromise (IoCs):

  • Unusual Outbound Requests: Unexpected external requests originating from internal systems.
  • Anomalous Application Behavior: Irregularities in application performance or unexpected data access patterns.
  • Unauthorized Network Scans: Detection of internal network scanning activities initiated from compromised systems.

Known IPv4 Addresses

  • 31[.]56[.]56[.]156
  • 38[.]60[.]191[.]7
  • 94[.]156[.]177[.]106
  • 159[.]192[.]123[.]190
  • 119[.]82[.]255[.]34
  • 103[.]251[.]223[.]127
  • 104[.]143[.]229[.]115
  • 114[.]10[.]44[.]40
  • 116[.]212[.]150[.]192
  • 145[.]223[.]59[.]188
  • 167[.]100[.]106[.]99
  • 174[.]138[.]27[.]119
  • 212[.]237[.]124[.]38
  • 216[.]158[.]205[.]221

Tactics, Techniques, and Procedures (TTPs):

TacticsTechniques
Initial AccessExternal Remote Services (T1133)
DiscoveryFile and Directory Discovery (T1083)
ExecutionCommand and Scripting Interpreter (T1059)
ExfiltrationExfiltration Over Alternative Protocol (T1048)

Recommendations for Healthcare Organizations:

Immediate Actions:

  • Disable or Limit the Vulnerable Component: If possible, temporarily disable the pictureproxy.php functionality or restrict its use to minimize exposure until a patch is available.
  • Restrict Network Access: Enforce strict network segmentation and limit external access to the ChatGPT implementation, reducing the potential attack surface.
  • Deploy Web Application Firewalls (WAF): Implement WAF rules to block malicious URL injections targeting vulnerable parameters.
  • Enhance Monitoring and Logging: Upgrade logging configurations and monitor for abnormal outbound requests, internal file access attempts, and indicators of SSRF exploitation or local file inclusion.
  • Implement Compensating Controls: Apply temporary measures such as input validation improvements, rate limiting, and strict access controls to mitigate the risk while awaiting an official patch.

Long-Term Defense:

  • Regular System Updates: To minimize exploitable vulnerabilities, maintain a disciplined patch management cycle across all systems, including AI-powered applications.
  • Prioritize AI-Related Security Gaps in Risk Assessments: Revise your risk assessment frameworks to include AI-driven systems and integrations explicitly. This involves identifying vulnerabilities unique to AI and machine learning components, regularly evaluating their security posture, and ensuring that emerging AI-specific threats are factored into your strategic defense planning.
  • Segmentation and Isolation: Limit the exposure of vulnerable AI-driven systems by isolating them from critical network segments. This minimizes the potential for lateral movement and reduces the risk of a broader compromise.
  • Incident Response Planning: Develop and regularly test incident response plans to address potential security breaches effectively.

Leadership Guidance:

Healthcare leaders should prioritize the immediate assessment and mitigation of this vulnerability to protect patient data and ensure the continuity of healthcare services. Investing in robust security measures and fostering a culture of cybersecurity awareness are essential steps in safeguarding organizational assets.

Blackwell Security MHXDR Customers:

Blackwell Security provides continuous monitoring and threat intelligence to help identify potential exploitation of vulnerabilities like CVE-2024-27564. While we do not perform remediation activities, we offer guidance and recommendations to assist your organization’s security teams in effectively addressing such threats.

References:

Tags
Healthcare Threat Bulletin
About the Author
Seth Profile Picture
Seth Feldman
Principal, Threat & Security Response
Seth Feldman is a cybersecurity expert and a key leader at Blackwell Security. With extensive experience in incident response, intrusion detection, and penetration testing, Seth specializes in safeguarding organizations against evolving threats. At Blackwell Security, Seth is pivotal in designing and implementing tailored cybersecurity solutions, ensuring clients stay ahead of sophisticated attacks. Known for his strategic thinking and clear communication, Seth is committed to enhancing cybersecurity practices across industries and empowering organizations to navigate complex security challenges confidently.
More from this author
Back to Resources
Related Resources
View all
threatbulletinheader
Threat Bulletin
Blackwell Helix Threat Bulletin: ChatGPT SSRF Vulnerability (CVE-2024-27564) Exploited in Healthcare Attacks
March 21, 2025
March 21, 2025
Read More
Articles
Blackwell Security's Industry-Leading Certifications & Compliance Standards
March 18, 2025
March 18, 2025
Read More
Blog
The Path to an Autonomous SOC: Blackwell’s Healthcare Security Revolution
March 3, 2025
March 3, 2025
Read More
Blackewll logo
Blackwell is cybersecurity made for healthcare.

Our comprehensive security platform and expert managed services provide the most complete protection for healthcare organizations. Leading providers across North America trust Blackwell to reduce cyber risk, stay compliant, and build trusted experiences across the care continuum.

© 2025 Blackwell Security | Privacy Policy | Sitemap