Plattform
python
Komponente
autogpt
Behoben in
0.6.2
CVE-2025-31490 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in AutoGPT, an AI agent automation platform. This flaw allows attackers to bypass hostname validation and potentially access internal resources or services. The vulnerability impacts versions of AutoGPT prior to 0.6.1. A fix has been released in version 0.6.1.
The SSRF vulnerability in AutoGPT arises from inadequate validation of hostnames within the requests wrapper. While the code attempts to prevent SSRF by blocking requests to local IPv4 and IPv6 addresses, this check is insufficient to prevent DNS rebinding attacks. An attacker could exploit this by manipulating DNS records to resolve a hostname to an internal IP address, effectively bypassing the intended security measure. This could lead to unauthorized access to internal APIs, databases, or other sensitive resources within the AutoGPT environment. The potential blast radius depends on the internal services accessible from the AutoGPT server.
This vulnerability was publicly disclosed on 2025-04-14. There is currently no indication of active exploitation campaigns targeting AutoGPT. No public proof-of-concept (PoC) code has been released, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations and individuals deploying AutoGPT for automation tasks are at risk. Specifically, those running AutoGPT in environments with sensitive internal resources or services are particularly vulnerable. Shared hosting environments where AutoGPT is deployed alongside other applications may also be at increased risk.
• python / server:
import socket
import requests
def check_dns_rebinding(hostname):
try:
ip_address = socket.gethostbyname(hostname)
# Add checks for internal IP ranges here
if ip_address.startswith('127.0.0.') or ip_address.startswith('192.168.') or ip_address.startswith('10.0.'): #Example internal ranges
return True
return False
except socket.gaierror:
return False
# Example usage (replace with actual AutoGPT request logic)
url = 'http://example.com'
if check_dns_rebinding(url):
print(f"Potential DNS rebinding detected for {url}")• generic web:
curl -v 'http://autogpt-server/api/some-endpoint' 2>&1 | grep -i 'resolving to:'disclosure
Exploit-Status
EPSS
0.32% (55% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-31490 is to upgrade AutoGPT to version 0.6.1 or later, which includes the necessary hostname validation improvements. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests to suspicious or internal IP addresses. Additionally, review and restrict network access to the AutoGPT server, limiting its ability to make outbound requests to untrusted hosts. Regularly monitor AutoGPT logs for unusual outbound connections or DNS resolution patterns.
Aktualisieren Sie AutoGPT auf Version 0.6.1 oder höher. Diese Version enthält eine Korrektur für die SSRF-Schwachstelle, die durch DNS Rebinding verursacht wird. Das Update kann mit dem Python-Paketmanager pip oder gemäß den Anweisungen im offiziellen AutoGPT-Repository durchgeführt werden.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-31490 is a HIGH severity SSRF vulnerability affecting AutoGPT versions prior to 0.6.1. It allows attackers to bypass hostname validation and potentially access internal resources.
You are affected if you are running AutoGPT versions 0.6.1 or earlier. Upgrade to 0.6.1 to resolve the vulnerability.
Upgrade AutoGPT to version 0.6.1 or later. As a temporary workaround, implement a WAF to block suspicious outbound requests.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the AutoGPT project's official repository and release notes for the advisory and detailed information about the fix.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.