Server-Side Request Forgery in AutoGPT Platform by Significant Gravitas
CVE-2025-22603

7.7HIGH

Key Information:

Vendor

Significant-gravitas

Status
Autogpt
Vendor
CVE Published:
10 March 2025

What is CVE-2025-22603?

The AutoGPT platform, utilized for creating and managing AI agents, contains a server-side request forgery (SSRF) vulnerability impacting versions earlier than autogpt-platform-beta-v0.4.2. This vulnerability arises due to the lack of restrictions on IPV6 addresses, enabling attackers to exploit the system by sending requests to IPV6 services. The recent update in version autogpt-platform-beta-v0.4.2 effectively remediates this issue.

Affected Version(s)

AutoGPT < autogpt-platform-beta-v0.4.2

References

https://github.com/Significant-Gravitas/AutoGPT/security/...
x_refsource_CONFIRM
https://github.com/Significant-Gravitas/AutoGPT/commit/26...
x_refsource_MISC
https://boatneck-faucet-cba.notion.site/SSRF-of-AutoGPT-1...
x_refsource_MISC

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-22603 : Server-Side Request Forgery in AutoGPT Platform by Significant Gravitas