Denial of Service Vulnerability in AutoGPT by Significant Gravitas
CVE-2025-32393
8.7 HIGH
What is CVE-2025-32393?
AutoGPT, a platform designed for creating and managing artificial intelligence agents, has a vulnerability in its ReadRSSFeedBlock feature. This vulnerability occurs when the RSS feed parser accesses user-provided URLs without imposing limitations on parsing time and resource allocation. Malicious users can exploit this by crafting a deep XML structure to exhaust memory resources, leading to a denial of service. This issue has been addressed in version autogpt-platform-beta-v0.6.32.
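The missing limits described above can be illustrated with a bounded, incremental parse. This is an added example, not AutoGPT's code and not the fix shipped in autogpt-platform-beta-v0.6.32; the names `parse_feed_bounded` and `FeedLimitError` and all limit values are assumptions chosen for illustration, and the caller is assumed to pass the already-opened response stream.

```python
import io
import time
import xml.etree.ElementTree as ET


class FeedLimitError(ValueError):
    """A feed exceeded one of the configured parsing limits."""


def parse_feed_bounded(stream, max_bytes=1_000_000, max_depth=32,
                       max_elements=50_000, max_seconds=5.0, chunk_size=8192):
    """Return <item> titles from an RSS byte stream, aborting on any limit.

    All default limits are assumed values for illustration.
    """
    deadline = time.monotonic() + max_seconds
    parser = ET.XMLPullParser(events=("start", "end"))
    read = depth = elements = 0
    titles = []
    while chunk := stream.read(chunk_size):
        read += len(chunk)
        if read > max_bytes:
            raise FeedLimitError("feed exceeds max_bytes")
        if time.monotonic() > deadline:
            raise FeedLimitError("parsing exceeded max_seconds")
        parser.feed(chunk)  # at most chunk_size bytes are parsed per check
        for event, elem in parser.read_events():
            if event == "start":
                depth += 1
                elements += 1
                if depth > max_depth:
                    raise FeedLimitError("nesting exceeds max_depth")
                if elements > max_elements:
                    raise FeedLimitError("feed exceeds max_elements")
            else:
                depth -= 1
                if elem.tag == "item":
                    titles.append(elem.findtext("title", default=""))
                    elem.clear()  # free the subtree of a finished item
    parser.close()
    return titles


# Constructed sample inputs (not taken from the advisory).
SAMPLE_FEED = (b"<rss><channel><title>Feed</title>"
               b"<item><title>First</title></item>"
               b"<item><title>Second</title></item></channel></rss>")
NESTED_FEED = b"<a>" * 200 + b"</a>" * 200

if __name__ == "__main__":
    print(parse_feed_bounded(io.BytesIO(SAMPLE_FEED)))
```

Feeding the parser in fixed-size chunks is what keeps the work done between two limit checks bounded, so a feed that violates a limit is rejected before the whole document is built in memory.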
Affected Version(s)
AutoGPT < autogpt-platform-beta-v0.6.32
