CVE-2025-32394 | AutoGPT is a workflow automation platform for creating, depl… | CVSS 5.3 MEDIUM

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.

Metadata

CVE ID: CVE-2025-32394
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2025-04-06 19:46 UTC
Published: 2026-06-26 16:11 UTC
Last updated: 2026-06-27 02:39 UTC
Primary CWE: CWE-770
CWE-770: Allocation of Resources Without Limits or Throttlin…
Vendor / Product: Significant-Gravitas / AutoGPT
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Significant-Gravitas	AutoGPT	—	< 0.6.32

Weakness (CWE)

CWE	Source	Description
CWE-405	cna	CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-770	cna	CWE-770: Allocation of Resources Without Limits or Throttling

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (1)

https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-955p-gpfx-r66j https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-955p-gpfx-r66j