
AutoGPT Platform EUVD-2025-209827

CVE-2025-32425 | Severity: MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-05-13 | Source: security-advisories@github.com
CVSS 4.0 base score: 5.1

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Vulnerable System Impact: Confidentiality None / Integrity None / Availability Low
Subsequent System Impact: None (CVSS 4.0 has no Scope metric; the SC/SI/SA fields above replace it)

Lifecycle Timeline

- Patch available: May 13, 2026, 17:03 (EUVD)
- Source code evidence fetched: Jun 08, 2026, 11:37 (vuln.today)
- Analysis generated: Jun 08, 2026, 11:37 (vuln.today)

Description (NVD)

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr); when the platform is deployed in container mode, this output is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk becomes too large, causing disk resource exhaustion and eventually DoS. autogpt-platform-beta-v0.6.32 fixes the issue.

Analysis (AI)

Disk exhaustion in AutoGPT Platform before version 0.6.32 enables denial of service through unbounded Docker container log accumulation under high user access volume. The platform writes execution activity to stdout/stderr without any rotation or size cap, and Docker captures that output to host disk indefinitely: a CWE-770 resource allocation failure. No public exploit had been identified at the time of analysis; the SSVC exploitation status is "none", and the EPSS score is 0.01% (3rd percentile), indicating a negligible observed probability of exploitation.

Technical Context (AI)

The root cause is CWE-770 (Allocation of Resources Without Limits or Throttling) in the platform's Python logging configuration. AutoGPT Platform used the standard logging.FileHandler for three log streams (activity, debug, and error) with no size limit or rotation policy. In Docker container deployments these handlers write to files while Docker simultaneously captures all stdout/stderr into its own container log storage, so two unbounded copies of the output grow on the host. The fix, confirmed in commit 57a06f70883ce6be18738c6ae8bb41085c71e266, replaces all three FileHandler instances with RotatingFileHandler configured at 10 MB per file with 3 backup files, capping each log stream at about 40 MB on disk (the active file plus three backups). Note that RotatingFileHandler bounds only the files the application itself writes; anything still emitted on stdout/stderr is captured by Docker's default json-file driver, which performs no rotation unless max-size and max-file are configured, so operators should set those driver options in addition to upgrading. The same release also added DoS guards to the iteration and LLM chunking blocks. Affected product CPE: cpe:2.3:a:agpt:autogpt_platform:*:*:*:*:*:*:*:*.

Remediation (AI)

Upgrade to autogpt-platform-beta-v0.6.32, which GitHub security advisory GHSA-vw3v-whvp-33v5 and commit 57a06f70883ce6be18738c6ae8bb41085c71e266 confirm replaces the unbounded FileHandler instances with RotatingFileHandler (10 MB per file, 3 backups, about 40 MB total per log stream). For operators unable to patch immediately, configure Docker's built-in log rotation in docker-compose.platform.yml using the json-file logging driver options max-size and max-file; the referenced file at https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/docker-compose.platform.yml#L102-L142 is the direct configuration target. These options apply per container, so they must be present on every service in the stack, and they are the only control that bounds the stdout/stderr copy Docker keeps regardless of the application's own handlers. A third compensating control is OS-level logrotate targeting Docker's container log path (typically /var/lib/docker/containers/), though this requires host access, does not prevent the disk filling between rotation intervals, and must use copytruncate because the Docker daemon keeps each container's log file open and would otherwise continue writing to the renamed file. Note that the 40 MB cap per log type in the patched release may be insufficient for very verbose production deployments and should be monitored post-upgrade.


EUVD-2025-209827 vulnerability details – vuln.today
