Server-Side Request Forgery in AutoGPT Platform by Significant Gravitas
CVE-2025-22603

7.7HIGH

Key Information:

Vendor: Significant-gravitas
Status: Autogpt
Vendor: CVE Published:; 10 March 2025

What is CVE-2025-22603?

The AutoGPT platform, utilized for creating and managing AI agents, contains a server-side request forgery (SSRF) vulnerability impacting versions earlier than autogpt-platform-beta-v0.4.2. This vulnerability arises due to the lack of restrictions on IPV6 addresses, enabling attackers to exploit the system by sending requests to IPV6 services. The recent update in version autogpt-platform-beta-v0.4.2 effectively remediates this issue.

Affected Version(s)

AutoGPT < autogpt-platform-beta-v0.4.2

References

https://github.com/Significant-Gravitas/AutoGPT/security/...

x_refsource_CONFIRM

https://github.com/Significant-Gravitas/AutoGPT/commit/26...

x_refsource_MISC

https://boatneck-faucet-cba.notion.site/SSRF-of-AutoGPT-1...

x_refsource_MISC

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Jan 7, 2025

Significant-gravitas

What is CVE-2025-22603?

Affected Version(s)

References

CVSS V4

Timeline