CVE-2025-32422
HighCVSS 8.7Summary
In AutoGPT prior to version 0.6.63, the `StepThroughItemsBlock` allowed iterating through all list items and downloading them via `FileStoreBlock`, which could lead to disk space exhaustion.
Risk Assessment
A malicious user could exploit this vulnerability to perform a DoS attack, causing the current working directory to run out of disk space.
Recommendation
It is recommended to upgrade to version 0.6.63 to patch this vulnerability and limit the potential for disk space exhaustion.
Original NVD description (English source)
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a list and send them to `FileStoreBlock` for downloading one by one. Although `FileStoreBlock` has access time limits for downloading files, `StepThroughItemsBlock` can be used to slowly iterate and download relatively small files (e.g., 100M) multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `FileStoreBlock` does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to download too many videos, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

