CVE-2025-53944

Severity: High · EPSS 32.4%
Published Jul 30, 2025 (11 months ago) · Modified Jun 17, 2026 (1 week ago)
CVSS 3.1 base score: 7.7 (High)

Description

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.
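The flaw described above is the classic CWE-639 shape: the handler authorizes one identifier (graph_id) and then trusts a second, related identifier (graph_exec_id) without checking that it belongs to the same user and graph. The following is an added illustration written for this page, not AutoGPT's own code; the in-memory store, user names, graph and execution IDs are all constructed, and the function names only mirror the endpoint name in the description. It shows the vulnerable handler beside a hardened one so the missing check is visible in code.

```python
"""
Illustration of an authorization bypass through an unchecked second
identifier (CWE-285 / CWE-639). Added example code, not AutoGPT's
implementation: the data store and identifiers below are constructed.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is authenticated but not allowed to see this object."""


class NotFound(Exception):
    """Object does not exist for this caller (deliberately also used for
    ownership failures so the API does not confirm which IDs exist)."""


@dataclass(frozen=True)
class Graph:
    graph_id: str
    owner: str


@dataclass(frozen=True)
class GraphExecution:
    graph_exec_id: str
    graph_id: str
    owner: str
    results: dict = field(default_factory=dict)


# Constructed sample data: two tenants, each with one graph and one execution.
GRAPHS = {
    "g-1": Graph("g-1", owner="alice"),
    "g-2": Graph("g-2", owner="bob"),
}
EXECUTIONS = {
    "x-1": GraphExecution("x-1", "g-1", "alice", {"output": "alice's result"}),
    "x-2": GraphExecution("x-2", "g-2", "bob", {"output": "bob's result"}),
}


def _require_graph(user: str, graph_id: str) -> Graph:
    """Authorize the first identifier: the graph must exist and belong to user."""
    graph = GRAPHS.get(graph_id)
    if graph is None or graph.owner != user:
        raise Forbidden(f"{user} may not access graph {graph_id}")
    return graph


def get_graph_execution_results_vulnerable(user: str, graph_id: str, graph_exec_id: str) -> dict:
    """Vulnerable pattern: graph_id is checked, graph_exec_id is trusted as-is."""
    _require_graph(user, graph_id)
    execution = EXECUTIONS.get(graph_exec_id)
    if execution is None:
        raise NotFound(graph_exec_id)
    # No check that execution.owner == user or execution.graph_id == graph_id,
    # so any authenticated user with one valid graph can read any execution.
    return execution.results


def get_graph_execution_results_fixed(user: str, graph_id: str, graph_exec_id: str) -> dict:
    """Hardened pattern: every identifier in the request is bound to the caller."""
    _require_graph(user, graph_id)
    execution = EXECUTIONS.get(graph_exec_id)
    # The execution must belong to the caller AND to the graph named in the
    # request; a mismatch is reported exactly like a missing record.
    if execution is None or execution.owner != user or execution.graph_id != graph_id:
        raise NotFound(graph_exec_id)
    return execution.results


def ownership_check_holds(user: str, graph_id: str, graph_exec_id: str) -> bool:
    """Convenience predicate: True only when the hardened handler would serve the request."""
    try:
        get_graph_execution_results_fixed(user, graph_id, graph_exec_id)
        return True
    except (Forbidden, NotFound):
        return False


if __name__ == "__main__":
    # alice owns g-1 but not x-2; the vulnerable handler still returns bob's data.
    print("vulnerable:", get_graph_execution_results_vulnerable("alice", "g-1", "x-2"))
    print("fixed allows own execution:", ownership_check_holds("alice", "g-1", "x-1"))
    print("fixed allows foreign execution:", ownership_check_holds("alice", "g-1", "x-2"))
```

The design point worth copying is that the hardened handler authorizes each object the request names, not just the first one, and that it checks the relationship between them (the execution must hang off the requested graph). When reviewing an API for this class of bug, list every identifier a route accepts and confirm that each one is resolved through a query scoped to the caller; a parameter that is only looked up by primary key is the finding.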

CVSS Details

Base Score
7.7
Exploitability
3.1
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
32.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses (2)

CWE-285
CWE-639

Affected Products (1)

Vendor   Product            Version   Range
agpt     autogpt_platform   0.6.13    any

References (3)

  • github.com https://github.com/Significant-Gravitas/AutoGPT/commit/309114a727baa2063357810d444e9a119f8dd7f6
    Patch
  • github.com https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.16
    Release Notes
  • github.com https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x77j-qg2x-fgg6
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/Significant-Gravitas/AutoGPT/commit/309114a727baa2063357810d444e9a119f8dd7f6
    Patch