Thesamur's AutoGPT. This CVE-2025-41023
Lifecycle Timeline
2DescriptionCVE.org
An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.
AnalysisAI
An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms.
Technical ContextAI
Classified as CWE-287 (Improper Authentication). An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.
Affected ProductsAI
An authentication bypass vulnerability has been found in Thesamur's AutoGPT
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today