cvedb.io
CVE-2025-7021
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-07-10T20:15:28.380 · Last modified 2026-06-17T10:04:06.837

Summary

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.

Affected products

openai — operator

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.