CVE-2025-32437 | THREATINT

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting before all noded are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `MediaDurationBlock ` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

PUBLISHED Reserved 2025-04-08 | Published 2026-06-18 | Updated 2026-06-18 | Assigner GitHub_M

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

< 0.6.63

affected

References

github.com/...utoGPT/security/advisories/GHSA-rg6v-m9x9-7wf9 exploit

github.com/...utoGPT/security/advisories/GHSA-rg6v-m9x9-7wf9

cve.org (CVE-2025-32437)

nvd.nist.gov (CVE-2025-32437)

Download JSON