Description

An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.

PUBLISHED Reserved 2025-04-16 | Published 2026-02-19 | Updated 2026-02-23 | Assigner INCIBE




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

All versions: affected

Credits

Gonzalo Aguilar García (6h4ack), finder

References

www.incibe.es/...o/authentication-bypass-autogpt-de-thesamur

cve.org (CVE-2025-41023)

nvd.nist.gov (CVE-2025-41023)
