What is the CVSS score of CVE-2025-1040?

CVE-2025-1040 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.7%.

Which versions of Ssti are affected by CVE-2025-1040?

CVE-2025-1040 presents significant security risk rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.. A patch is available.

Is there a public PoC exploit available for CVE-2025-1040?

Yes, a public proof-of-concept exploit is available for CVE-2025-1040. Prioritise patching immediately. EPSS: 1.7%.

How to fix or mitigate CVE-2025-1040?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Ssti CVE-2025-1040

HIGH

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

2025-03-20 security@huntr.dev

RCE Ssti Autogpt Platform

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

Patch released

Mar 28, 2026 - 18:32 nvd

Patch available

PoC Detected

Oct 15, 2025 - 13:16 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

HIGH 8.8

DescriptionNVD

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.

AnalysisAI

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1336. AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0. Affected products include: Agpt Autogpt Platform. Version information: version 0.4.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.