Denial of Service Risk in AutoGPT Platform from Significant Gravitas
CVE-2025-31490
7.5HIGH
Key Information:
- Vendor: Significant-gravitas
- Product: Autogpt
- CVE Published: 14 April 2025
Summary
The AutoGPT platform, designed for managing AI agents, was vulnerable before version 0.6.1 to server-side request forgery (SSRF) caused by inadequate DNS resolution validation, which left its request processing open to DNS rebinding attacks. The validation check only confirmed that the requested hostname did not resolve to a local IP address at the moment of validation; the URL was then passed to the actual request function, which resolved the hostname again on its own, so an attacker-controlled name could be rebound to an internal address between the two lookups, potentially leading to further exploitation. The flaw has been addressed in version 0.6.1.
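An added illustration of the check-then-resolve-again pattern described above, placed beside a pinned-address alternative; this is example code, not AutoGPT's own, and a constructed in-memory resolver stands in for DNS so it runs offline (hostnames and addresses are made up):

```python
import ipaddress
from urllib.parse import urlparse


class RebindingResolver:
    """Constructed stand-in for DNS so the example runs offline. Each hostname maps
    to the sequence of answers a rebinding name server would give: a public address
    on the first lookup, then a loopback/internal address on every later lookup."""

    def __init__(self, answers):
        self.answers = {host: list(seq) for host, seq in answers.items()}

    def resolve(self, host):
        seq = self.answers[host]
        return seq.pop(0) if len(seq) > 1 else seq[0]


def is_allowed(ip):
    # Rejects loopback, private, link-local (including cloud metadata), and reserved ranges.
    return ipaddress.ip_address(ip).is_global


def flawed_fetch(url, resolver):
    """Pre-0.6.1 pattern: validate what the hostname resolves to, then hand the
    original URL to the HTTP client, which resolves the hostname a second time.
    Returns the address the client actually connects to."""
    host = urlparse(url).hostname
    if not is_allowed(resolver.resolve(host)):
        raise ValueError("blocked: hostname resolves to a non-public address")
    return resolver.resolve(host)  # second lookup: the answer may now be internal


def pinned_fetch(url, resolver):
    """Hardened pattern: resolve once, validate that address, and connect to the
    validated literal address (sending the original hostname as Host/SNI), so a
    later DNS answer cannot redirect the connection."""
    host = urlparse(url).hostname
    ip = resolver.resolve(host)
    if not is_allowed(ip):
        raise ValueError("blocked: hostname resolves to a non-public address")
    return ip  # connect here; the client must not resolve `host` again


def is_blocked(fetch, url, resolver):
    """Helper for checking that a fetch function refuses a URL."""
    try:
        fetch(url, resolver)
    except ValueError:
        return True
    return False
```

A real client must apply the same address check to every redirect target and to each record when a name resolves to several addresses.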
Affected Version(s)
AutoGPT < 0.6.1
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved