Skip to main content

AutoGPT EUVDEUVD-2025-210363

| CVE-2025-32423 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-26 GitHub_M
5.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable with low-privilege auth (AV:N/PR:L); memory exhaustion crashes entire service warranting A:H over vendor's VA:L; no confidentiality or integrity impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 26, 2026 - 18:02 EUVD
Analysis Generated
Jun 26, 2026 - 17:29 vuln.today

DescriptionCVE.org

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.

AnalysisAI

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust server memory with disproportionately small inputs - a 10KB submission forces approximately 50GB of server-side memory allocation, a 5,000,000:1 amplification ratio. All AutoGPT versions prior to 0.6.32 by Significant-Gravitas are affected. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the vendor released a fix in version 0.6.32.

Technical ContextAI

AutoGPT (CPE: cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*) is an open-source workflow automation platform for constructing and deploying AI agent pipelines. The vulnerability resides in the ExtractTextInformationBlock component, a processing block responsible for parsing or transforming text input, likely through LLM prompt construction, recursive text expansion, or an unbounded parsing operation. CWE-770 (Allocation of Resources Without Limits or Throttling) identifies the root cause: the component does not enforce any ceiling on memory allocated in proportion to input size, creating a classic resource amplification path. The server-side amplification magnitude (5 million to one) suggests the block performs an operation - such as generating large intermediate data structures, constructing oversized prompts, or performing combinatorial text processing - that scales non-linearly with input length.

RemediationAI

Upgrade to AutoGPT version 0.6.32 or later, which contains the vendor-confirmed fix per advisory GHSA-pppq-xx2w-7jpq at https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-pppq-xx2w-7jpq. If immediate upgrade is not feasible, restrict access to AutoGPT workflow creation - particularly the ExtractTextInformationBlock component - to explicitly trusted users only, reducing the authenticated attack surface. Additionally, enforce memory limits on the AutoGPT server process via container cgroup constraints or OS-level ulimits (e.g., limiting the process to 8GB RAM); this will not prevent the DoS but will contain its blast radius and may cause the request to fail rather than crashing the entire host. Placing an API gateway or reverse proxy in front of AutoGPT with input body size limits (e.g., max 100KB per request) can further reduce amplification potential, though the specific expansion trigger is not fully disclosed. Note that memory caps may cause instability in legitimate large-workload scenarios - evaluate against normal usage patterns before applying.

CVE-2026-55237 HIGH
8.8 Jun 18

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScri

CVE-2025-32437 HIGH
8.7 Jun 18

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by

CVE-2025-32424 HIGH
8.7 Jun 18

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining

CVE-2025-32422 HIGH
8.7 Jun 18

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on t

CVE-2025-32392 HIGH
8.7 Jun 18

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthentic

CVE-2026-56663 HIGH
8.5 Jun 26

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the Send

CVE-2026-33232 HIGH
7.5 May 19

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust s

CVE-2026-30950 HIGH
7.1 May 18

Authenticated session hijacking in Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 allows any logged-in user

CVE-2025-32436 HIGH
7.1 Jun 18

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform

CVE-2026-56823 MEDIUM
5.4 Jun 26

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the ta

CVE-2025-32394 MEDIUM
5.3 Jun 26

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplificatio

Share

EUVD-2025-210363 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy