CVE-2025-51863

MEDIUM

ChatGPT Unli thru 2025-05-26 - Stored Cross-Site Scripting via SVG File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-51863. PoCs published by Secsys-FDU.

AI-analyzed exploit summary The repository provides a technical description of a Self-XSS vulnerability in ChatGPTUtil, including attack vectors and a proof-of-concept payload. It lacks functional exploit code but includes detailed technical analysis of the vulnerability.

Description

Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface.

Exploits (1)

nomisec WRITEUP

by Secsys-FDU · poc

https://github.com/Secsys-FDU/CVE-2025-51863

View Code ZIP pw:eip

The repository provides a technical description of a Self-XSS vulnerability in ChatGPTUtil, including attack vectors and a proof-of-concept payload. It lacks functional exploit code but includes detailed technical analysis of the vulnerability.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ChatGPTUtil (version not specified)

No auth needed

Prerequisites: Victim interaction (pasting malicious payload into chat interface)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/Secsys-FDU/CVE-2025-51863

Scores

CVSS v3 6.1

EPSS 0.0027

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published Jul 22, 2025

Tracked Since Feb 18, 2026