Denial of Service Risk in AutoGPT Workflow Automation Platform
CVE-2025-32437

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 18 June 2026

What is CVE-2025-32437?

The AutoGPT workflow automation platform prior to version 0.6.63 is susceptible to a denial of service attack due to improper handling of video files. The MediaDurationBlock downloads video files into a temporary directory and never deletes them, so every run consumes additional disk space. In addition, the StepThroughItemsBlock allows multiple iterations of the MediaDurationBlock, so malicious usage, such as repeated screenshots of numerous web pages, can cause the application to run out of disk space, resulting in a denial of service condition.
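
The leak pattern described above next to a bounded variant, as an added example (not AutoGPT's code and not its fix). The function names, the size cap, and the in-memory payload standing in for a downloaded video are all assumptions made for illustration.

```python
import io
import os
import shutil
import tempfile

MAX_BYTES = 1024  # assumed per-file cap; set it to the largest media you accept
CHUNK = 256       # assumed read size

def fetch_leaky(stream, root):
    """Pattern from the advisory: a temp copy is written and never removed."""
    workdir = tempfile.mkdtemp(dir=root)
    path = os.path.join(workdir, "media.bin")
    with open(path, "wb") as out:
        shutil.copyfileobj(stream, out)
    return os.path.getsize(path)  # workdir is still on disk after return

def fetch_bounded(stream, root, max_bytes=MAX_BYTES):
    """Hardened form: size cap while copying, directory removed on every exit path."""
    with tempfile.TemporaryDirectory(dir=root) as workdir:
        path = os.path.join(workdir, "media.bin")
        written = 0
        with open(path, "wb") as out:
            while chunk := stream.read(CHUNK):
                written += len(chunk)
                if written > max_bytes:
                    raise ValueError("media exceeds size cap")
                out.write(chunk)
        return written  # stand-in for the real duration probe

def disk_usage(root):
    """Total bytes of regular files left under root."""
    return sum(
        os.path.getsize(os.path.join(d, f))
        for d, _, files in os.walk(root)
        for f in files
    )

def run_loop(fetch, iterations, size):
    """Simulate an iterating block calling the fetch step; return leftover bytes."""
    with tempfile.TemporaryDirectory() as root:
        for _ in range(iterations):
            fetch(io.BytesIO(b"\x00" * size), root)  # constructed sample payload
        return disk_usage(root)

if __name__ == "__main__":
    print("leaky leftover bytes:  ", run_loop(fetch_leaky, 20, 512))
    print("bounded leftover bytes:", run_loop(fetch_bounded, 20, 512))
```

Leftover bytes grow linearly with the iteration count in the leaky form, which is the quantity to alert on when monitoring the temporary directory of a deployment that has not yet been upgraded.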

Affected Version(s)

AutoGPT < 0.6.63

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
