What is the CVSS score of CVE-2025-62615?

CVE-2025-62615 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2025-62615?

A critical vulnerability (CVSS 9.8) in AutoGPT enables unauthenticated attackers to compromise AI agent platforms and automate malicious workflows at scale.

Is there a public PoC exploit available for CVE-2025-62615?

Yes, a public proof-of-concept exploit is available for CVE-2025-62615. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-62615?

Within 24 hours: Identify all AutoGPT instances in your environment and isolate them from production networks; disable AutoGPT deployments if business continuity permits. Within 7 days: Conduct forensic audit of AutoGPT logs for suspicious agent creation, API calls, and data access; notify stakeholders of potential exposure. Within 30 days: Implement compensating controls (network segmentation, WAF rules, API throttling); maintain isolation until vendor releases patch; evaluate alternative orchestration platforms.

AI / ML CVE-2025-62615

CRITICAL

Server-Side Request Forgery (SSRF) (CWE-918)

2026-02-04 security-advisories@github.com

SSRF AI / ML Autogpt Platform

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 17, 2026 - 19:57 vuln.today

Public exploit code

CVE Published

Feb 04, 2026 - 23:15 nvd

CRITICAL 9.8

DescriptionNVD

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the input URL is not filtered, which will cause SSRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.6.34.

AnalysisAI

AutoGPT has a Server-Side Request Forgery vulnerability (CVSS 9.8) allowing unauthenticated attackers to make the AI platform access internal network resources.

Technical ContextAI

AutoGPT has a CWE-918 SSRF vulnerability that allows unauthenticated attackers to make the platform send requests to arbitrary internal and external destinations.

RemediationAI

Update AutoGPT. Implement URL allowlisting and block internal IP ranges.

CVE-2025-62615 vulnerability details – vuln.today

Back

AI / ML CVE-2025-62615

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code