CVE-2025-7021
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-24
Assigner: Google Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openai | operator | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
| CWE-NVD-CWE-Other | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Fullscreen API spoofing and UI redressing in the OpenAI Operator SaaS on the web. A remote attacker can display a deceptive fullscreen interface with fake browser controls and distracting elements, such as a cookie consent screen, to obscure fullscreen notifications. This tricks users into interacting with the malicious site, allowing the attacker to capture sensitive user input like login credentials and email addresses.
How can this vulnerability impact me?
The vulnerability can lead to the theft of sensitive user information, including login credentials and email addresses, by tricking users into interacting with a fake fullscreen interface. This can result in unauthorized access to user accounts and potential identity theft or other malicious activities.