CVE-2025-32422

Summary

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access time limits for downloading files, StepThroughItemsBlock can be used to slowly iterate and download relatively small files (e.g., 100M) multiple times. StepThroughItemsBlock does not limit the number of loops. In addition, FileStoreBlock does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to download too many videos, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

Affected Software

VendorProductVersion RangeStatus
Significant-GravitasAutoGPT< 0.6.63affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References