Nigeria’s National Information Technology Development Agency (NITDA) on Monday, December 8, 2025, issued a cybersecurity advisory warning Nigerians about newly discovered vulnerabilities in OpenAI’s GPT-4.0 and GPT-5 large language models that could expose users to data-leakage risks.
In the notice, released through NITDA’s Computer Emergency Readiness and Response Team (CERRT.NG), the agency said seven critical flaws were identified in the models, allowing attackers to manipulate ChatGPT via indirect prompt injections embedded in webpages, online comments, or crafted URLs.
Director of Corporate Affairs and External Relations at NITDA, Mrs. Hadiza Umar, said the flaws could bypass safety filters, exploit markdown rendering weaknesses, and even “poison ChatGPT’s memory so that injected instructions persist across future interactions,” posing substantial risks to both individual and enterprise users.
“Attackers can cause ChatGPT to execute unintended commands during routine browsing, summarisation, or search activities without any direct user interaction,” Umar said.
She further stated that although OpenAI has implemented partial fixes, large language models still face challenges in distinguishing legitimate user intent from malicious embedded data. The vulnerabilities could result in unauthorised actions, information leakage, manipulated outputs, and long-term behavioural influence.
To mitigate the risks, NITDA urged users and organisations to limit or disable ChatGPT’s browsing and summarisation capabilities on untrusted websites, enable features like browsing or memory only when necessary, and regularly update GPT-4.0 and GPT-5 models to apply available security patches.
Meanwhile, CERRT.NG also warned about a fresh attack method affecting Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense (FTD) devices, which could cause unexpected network outages by forcibly rebooting affected systems.
