Data Handling Flaw in AutoGPT by Significant Gravitas
CVE-2025-32436

7.1 HIGH

Key Information:

CVE Published: 18 June 2026

What is CVE-2025-32436?

AutoGPT, a workflow automation platform for managing artificial intelligence agents, has a resource handling flaw that can lead to denial of service (DoS). In versions prior to 0.6.63, the AddAudioToVideoBlock and StepThroughItemsBlock blocks do not properly manage the temporary media files created during processing. Specifically, the system fails to delete these files, and StepThroughItemsBlock can loop indefinitely because no iteration limit is enforced. The result is excessive disk space consumption, particularly if a malicious user initiates multiple media processing tasks, which ultimately slows down or crashes the system. Users are advised to update to version 0.6.63, which addresses this issue.
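The two safeguards whose absence is described above, guaranteed cleanup of temporary media files and a hard cap on iteration, are shown here as an added example; it is not AutoGPT's code or its 0.6.63 fix. The names `add_audio_to_video`, `step_through`, `concat_encoder` and `MAX_ITERATIONS` are hypothetical, and the encoder is a placeholder that only concatenates bytes.

```python
import os
import tempfile

MAX_ITERATIONS = 1000  # assumed cap; choose a limit that fits the workload


class IterationLimitExceeded(RuntimeError):
    """Raised when an item stream runs past the configured cap."""


def concat_encoder(video: bytes, audio: bytes) -> bytes:
    # Placeholder for a real muxer; an assumption made for this example.
    return video + audio


def add_audio_to_video(video, audio, base_dir, encoder=concat_encoder):
    """Write intermediates to a per-task scratch dir that is always removed."""
    # TemporaryDirectory deletes the directory and its contents when the
    # block exits, whether by return or by an exception from the encoder.
    with tempfile.TemporaryDirectory(prefix="media-", dir=base_dir) as work:
        for name, blob in (("in.mp4", video), ("in.mp3", audio)):
            with open(os.path.join(work, name), "wb") as fh:
                fh.write(blob)
        out_path = os.path.join(work, "out.mp4")
        with open(out_path, "wb") as fh:
            fh.write(encoder(video, audio))
        with open(out_path, "rb") as fh:
            return fh.read()  # result leaves as bytes, not as a temp path


def step_through(items, max_iterations=MAX_ITERATIONS):
    """Yield items one by one; stop with an error once the cap is reached."""
    for count, item in enumerate(items):
        if count >= max_iterations:
            raise IterationLimitExceeded(f"stopped after {max_iterations} items")
        yield item


if __name__ == "__main__":
    import itertools
    base = tempfile.mkdtemp(prefix="demo-")
    add_audio_to_video(b"VIDEO", b"AUDIO", base)  # constructed sample bytes
    print("files left behind:", os.listdir(base))
    try:
        for _ in step_through(itertools.count(), max_iterations=5):
            pass
    except IterationLimitExceeded as exc:
        print("loop bounded:", exc)
```

The failure path matters as much as the success path: an encoder that raises midway must still leave the scratch directory empty, which is what the context manager guarantees.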

Affected Version(s)

AutoGPT < 0.6.63

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved