Skip to main content

AutoGPT CVE-2025-32392

| EUVDEUVD-2025-210279 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-06-18 GitHub_M
8.7
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable, low-complexity DoS; PR:L because submitting a workflow realistically requires an authenticated user on the AutoGPT instance, with availability-only impact (A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 18, 2026 - 19:01 EUVD
Analysis Generated
Jun 18, 2026 - 17:01 vuln.today

DescriptionCVE.org

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it to disk. However, there is no limit on the resources that can be allocated during execution. For example, the number of loops is user-controllable and unlimited. When a malicious attacker loops too many times, the generated video is too large, and after writing it to disk, the disk space is exhausted, eventually causing DoS. Version 0.6.63 patches the issue.

AnalysisAI

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthenticated users to fill disk space by abusing the LoopVideoBlock's unbounded loop count parameter. The platform writes the resulting oversized video to disk, exhausting available storage and crashing the host. No public exploit identified at time of analysis, but CVSS 4.0 rates this 8.7 (High) due to network reachability and unauthenticated trigger path.

Technical ContextAI

AutoGPT is a workflow automation platform for building and running continuous AI agents, identified by CPE cpe:2.3:a:significant-gravitas:autogpt. The vulnerable component is LoopVideoBlock, a block that accepts a user-supplied video and a loop-count parameter, then concatenates the video N times and writes the result to local disk. The root cause maps to CWE-400 (Uncontrolled Resource Consumption): the block never bounds the loop count or the resulting file size, so the output grows linearly with attacker input and is materialized to the filesystem of the AutoGPT host.

RemediationAI

Vendor-released patch: AutoGPT 0.6.63 - upgrade to this release, which bounds resource allocation in LoopVideoBlock, per the GHSA-267x-8jx3-gg6w advisory at https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-267x-8jx3-gg6w. If immediate upgrade is not possible, compensating controls include disabling or removing the LoopVideoBlock from the available block registry (trade-off: legitimate video-loop workflows break), enforcing per-user disk quotas on the AutoGPT host filesystem to contain blast radius (trade-off: legitimate large outputs may also fail), and placing AutoGPT behind authentication plus restricting workflow execution to trusted operators (trade-off: reduces self-service utility). Monitoring free disk space and alerting on rapid growth in the AutoGPT output directory is a useful detection layer.

CVE-2026-55237 HIGH
8.8 Jun 18

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScri

CVE-2025-32437 HIGH
8.7 Jun 18

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by

CVE-2025-32424 HIGH
8.7 Jun 18

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining

CVE-2025-32422 HIGH
8.7 Jun 18

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on t

CVE-2026-56663 HIGH
8.5 Jun 26

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the Send

CVE-2026-33232 HIGH
7.5 May 19

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust s

CVE-2026-30950 HIGH
7.1 May 18

Authenticated session hijacking in Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 allows any logged-in user

CVE-2025-32436 HIGH
7.1 Jun 18

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform

CVE-2026-56823 MEDIUM
5.4 Jun 26

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the ta

CVE-2025-32423 MEDIUM
5.3 Jun 26

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust s

CVE-2025-32394 MEDIUM
5.3 Jun 26

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplificatio

Share

CVE-2025-32392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy