Denial of Service Vulnerability in AutoGPT by Significant Gravitas
CVE-2025-32422

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 18 June 2026

What is CVE-2025-32422?

AutoGPT, a platform for workflow automation and AI agent management, contains a vulnerability in the StepThroughItemsBlock. A malicious user can use this component to iterate through a list and download files with no limit on the number of iterations, leading to excessive disk space consumption. The FileStoreBlock does impose time limits on file downloads, but it does not restrict overall disk usage in the working directory. As a result, a user can trigger a denial of service (DoS) by continually downloading small files, potentially exhausting available disk space. The issue has been addressed in version 0.6.63.
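The gap described above is that a per-download time limit bounds each file but not the sum of all files. The following added example is not AutoGPT's code or its actual fix; it sketches one way to enforce a cumulative byte and file-count budget on a working directory. `QuotaWorkspace`, `WorkspaceQuotaExceeded`, `run_loop` and the limits are hypothetical names and values, and the payloads are constructed sample data.

```python
import os
import tempfile


class WorkspaceQuotaExceeded(Exception):
    """Raised when a write would push the working directory past its budget."""


class QuotaWorkspace:
    """Hypothetical working-directory wrapper with cumulative limits."""

    def __init__(self, root, max_bytes, max_files):
        self.root = root
        self.max_bytes = max_bytes
        self.max_files = max_files

    def usage(self):
        """Return (total_bytes, file_count) measured on disk.
        A production version would keep a running counter instead of rescanning."""
        total = count = 0
        for dirpath, _dirs, files in os.walk(self.root):
            for name in files:
                total += os.lstat(os.path.join(dirpath, name)).st_size
                count += 1
        return total, count

    def store(self, name, data):
        """Write data only if the whole directory stays within budget."""
        used, count = self.usage()
        if count + 1 > self.max_files or used + len(data) > self.max_bytes:
            raise WorkspaceQuotaExceeded(f"{used + len(data)} bytes, {count + 1} files")
        path = os.path.join(self.root, os.path.basename(name))  # stay inside root
        with open(path, "wb") as fh:
            fh.write(data)
        return path


def run_loop(items, max_bytes=4096, max_files=100):
    """Simulate an iteration block that stores one small file per list item.
    Returns (files_stored, bytes_on_disk, stopped_by_quota)."""
    with tempfile.TemporaryDirectory() as root:
        ws = QuotaWorkspace(root, max_bytes, max_files)
        stored, stopped = 0, False
        for i, payload in enumerate(items):
            try:
                ws.store(f"item_{i}.bin", payload)
                stored += 1
            except WorkspaceQuotaExceeded:
                stopped = True  # each file was small, but the total hit the cap
                break
        return stored, ws.usage()[0], stopped
```

Each 512-byte file on its own would pass any per-file size or time check; only the directory-wide budget stops the loop.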

Affected Version(s)

AutoGPT < 0.6.63

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
