SSRF Vulnerability in AutoGPT Affects Workflow Automation Tools
CVE-2025-62615

9.3CRITICAL

Key Information:

Vendor: Significant-gravitas
Status: Autogpt
Vendor: CVE Published:; 4 February 2026

🔔 Create Significant-gravitas Vulnerability Alert

What is CVE-2025-62615?

AutoGPT, a platform designed for creating and managing AI agents for automated workflows, was found to have a vulnerability in its RSSFeedBlock component. This vulnerability arises from the use of the third-party library urllib.request.urlopen, which allows unfiltered direct access to user-supplied URLs. Such behavior can potentially lead to Server-Side Request Forgery (SSRF) attacks, allowing an attacker to cause the server to make unintended requests. The issue has been addressed in the version autogpt-platform-beta-v0.6.34, where input filtering was implemented to mitigate the risk.

Affected Version(s)

AutoGPT < autogpt-platform-beta-v0.6.34

References

https://github.com/Significant-Gravitas/AutoGPT/security/...

x_refsource_CONFIRM

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Oct 16, 2025

CVE-2025-62615 Data

JSON