PT-2025-29147 · Openai · Openai Operator Saas

Shhnjk · Published 2025-07-10 · Updated 2025-07-11 · CVE-2025-7021

CVSS v4.0: 6.9 Medium
Vector: AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenAI Operator SaaS on Web (affected versions not specified)
Description: A flaw exists in the handling of the Fullscreen API and UI rendering that allows a remote attacker to capture sensitive user input, such as login credentials and email addresses. This is achieved by displaying a deceptive fullscreen interface with fake browser controls and a distracting element, like a cookie consent screen, to obscure fullscreen notifications. This manipulation tricks users into interacting with a malicious site.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: UI Misrepresentation of Critical Information
Related Identifiers: CVE-2025-7021
Affected Products: Openai Operator Saas