CVE-2025-32423 | AutoGPT is a workflow automation platform for creating, depl… | CVSS 5.3 MEDIUM

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.

Metadata

CVE ID: CVE-2025-32423
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2025-04-08 10:54 UTC
Published: 2026-06-26 16:09 UTC
Last updated: 2026-06-26 16:09 UTC
Primary CWE: CWE-770
CWE-770: Allocation of Resources Without Limits or Throttlin…
Vendor / Product: Significant-Gravitas / AutoGPT
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
Significant-Gravitas	AutoGPT	—	< 0.6.32

Weakness (CWE)

CWE	Source	Description
CWE-770	cna	CWE-770: Allocation of Resources Without Limits or Throttling

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (1)

https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-pppq-xx2w-7jpq https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-pppq-xx2w-7jpq