CVE Catalog

CVE-2025-32424

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Summary

AutoGPT is a workflow automation platform that prior to version 0.6.63 had an issue with the ScreenshotWebPageBlock storing screenshots in a temporary directory. The StepThroughItemsBlock did not limit the number of iterations, which could lead to disk space exhaustion and a DoS attack.

Risk Assessment

The organization may experience service outages due to disk space exhaustion, potentially caused by a malicious user taking many screenshots.

Recommendation

It is recommended to upgrade to version 0.6.63 to patch this vulnerability and to monitor disk space usage to prevent DoS attacks.

Original NVD description (English source)

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. `StepThroughItemsBlock` can be used to iterate `ScreenshotWebPageBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `ScreenshotWebPageBlock` does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS