Platform: python
Component: significant-gravitas/autogpt (its internal requests utility, not the PyPI requests package)
Fixed in: v0.4.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the requests utility of significant-gravitas/autogpt in versions prior to v0.4.0. The flaw stems from a hostname confusion between urllib.parse, which the SSRF check uses to extract the hostname, and the requests library, which the utility uses to perform the fetch; the two parse the same URL differently, so a URL can pass the check and still be sent to an internal host. Affected users should upgrade to v0.4.0 or later.
The SSRF vulnerability in significant-gravitas/autogpt allows a malicious user to craft a URL such as http://localhost:\@google.com/../ that passes the intended SSRF protection. urllib.parse treats everything before the last '@' in the authority as userinfo and reports the hostname as google.com, which is public and therefore allowed; requests (through urllib3's URL parser) ends the authority at the backslash and connects to localhost instead. Successful exploitation lets an attacker make requests to internal resources that are not reachable from the outside: sensitive data on internal servers, internal APIs, or cloud metadata services such as 169.254.169.254. The blast radius is every network service reachable from the autogpt instance, which puts the confidentiality and integrity of the surrounding environment at risk.
This vulnerability was publicly disclosed on 2025-03-20. No public proof-of-concept (PoC) has been widely reported, although an SSRF of this kind is simple to attempt once the parser discrepancy is known. The EPSS score is 0.10% (27th percentile), a low estimated probability of exploitation in the wild. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.10% (27th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0454 is to upgrade significant-gravitas/autogpt to version v0.4.0 or later, which contains the fix. If upgrading immediately is not feasible, reject URLs whose authority component contains userinfo ('@') or a backslash before they reach the request utility, whether in a proxy or WAF in front of the agent or in the input handling itself, and validate the host that will actually be connected to rather than the one urllib.parse reports. Restrict the URL schemes and domains that autogpt is permitted to access, and apply egress network policy on the host running autogpt so that loopback, RFC 1918 and link-local ranges (including the cloud metadata endpoint) are unreachable even if a check is bypassed. Monitor network traffic for unusual outbound requests originating from the autogpt instance.
Upgrading the PyPI requests package does not resolve this issue: the flaw lies in autogpt's own request helper, not in the requests library. Upgrade significant-gravitas/autogpt to v0.4.0 or later to resolve the SSRF vulnerability.
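The following is an added example illustrating both the parser discrepancy described above and the hardened check the mitigation paragraph calls for; it is not code from the autogpt project or from this advisory. It uses only the Python standard library: the "urllib3 view" of the authority is a regex modelled on urllib3's URI pattern (an approximation, not a call into urllib3), and DNS is replaced by a constructed lookup table with TEST-NET addresses so the block runs offline. The function names (hostname_per_urllib_parse, connect_host_per_urllib3, naive_guard_allows, check_url) are this example's own.

```python
import ipaddress
import re
from urllib.parse import urlparse, urlunparse

# The URL quoted in the advisory.
PAYLOAD = "http://localhost:\\@google.com/../"

# Address ranges an SSRF guard should never let the agent reach: loopback,
# RFC 1918, link-local (which includes the 169.254.169.254 metadata endpoint),
# and their IPv6 counterparts.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed, offline stand-in for DNS. The public entries are TEST-NET
# placeholders (assumption), not real records for these names.
FAKE_DNS = {
    "localhost": ["127.0.0.1"],
    "google.com": ["203.0.113.10"],
    "example.com": ["203.0.113.20"],
    "metadata.internal": ["169.254.169.254"],
}


def resolve_fake(host):
    return FAKE_DNS.get(host, [])


def is_blocked(ip_str):
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in BLOCKED_NETWORKS)


# What a check built on urllib.parse sees: the hostname is whatever follows
# the last '@' in the authority, so the payload reports 'google.com'.
def hostname_per_urllib_parse(url):
    return urlparse(url).hostname


# Model of the authority urllib3 (and therefore requests) extracts: its URI
# regex ends the authority at the first backslash, '/', '?' or '#'. This is a
# stdlib-only approximation of urllib3's pattern (assumption), so for the
# payload the authority is 'localhost:' and the connect host is 'localhost'.
_AUTHORITY_RE = re.compile(r"^(?:[a-zA-Z][a-zA-Z0-9+.-]*:)?//([^\\/?#]*)")


def connect_host_per_urllib3(url):
    m = _AUTHORITY_RE.match(url)
    if not m:
        return None
    hostport = m.group(1).rpartition("@")[2]          # drop userinfo, if any
    host = hostport.rpartition(":")[0] if ":" in hostport else hostport
    return host.lower() or None


# Pre-fix style guard: trusts the hostname urllib.parse reports.
def naive_guard_allows(url, resolve=resolve_fake):
    host = hostname_per_urllib_parse(url)
    if not host:
        return False
    ips = resolve(host)
    return bool(ips) and not any(is_blocked(ip) for ip in ips)


# Hardened guard: reject ambiguous authorities outright, validate the host's
# addresses, and return a URL rebuilt from the validated components so the
# host that was checked is the host that gets requested.
# Returns (ok, canonical_url) on success or (False, reason) on rejection.
def check_url(url, resolve=resolve_fake):
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if "@" in parsed.netloc or "\\" in parsed.netloc:
        return False, "userinfo or backslash in authority"
    host = parsed.hostname
    if not host:
        return False, "no hostname"
    try:
        port = parsed.port                     # raises ValueError on a bad port
    except ValueError:
        return False, "invalid port"
    ips = resolve(host)
    if not ips:
        return False, "unresolvable host"
    if any(is_blocked(ip) for ip in ips):
        return False, "host resolves to a blocked address"
    netloc = host if port is None else f"{host}:{port}"
    canonical = urlunparse((parsed.scheme, netloc, parsed.path or "/",
                            parsed.params, parsed.query, parsed.fragment))
    return True, canonical


if __name__ == "__main__":
    print("urllib.parse hostname:", hostname_per_urllib_parse(PAYLOAD))
    print("urllib3-style host   :", connect_host_per_urllib3(PAYLOAD))
    print("naive guard allows   :", naive_guard_allows(PAYLOAD))
    print("hardened check       :", check_url(PAYLOAD))
```

The naive guard passes the payload because it validates google.com while the fetch goes to localhost; the hardened check refuses any authority containing '@' or a backslash and hands back a canonical URL so the two parsers can no longer disagree. In production, replace resolve_fake with socket.getaddrinfo and pin the request to the address you validated (or validate inside a connection hook), since checking a name and then letting the HTTP client resolve it again leaves a DNS-rebinding window that this offline example does not cover.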
CVE-2025-0454 is a Server-Side Request Forgery (SSRF) vulnerability in significant-gravitas/autogpt versions prior to v0.4.0, allowing attackers to bypass SSRF checks and potentially access internal resources.
You are affected if you are using significant-gravitas/autogpt versions prior to v0.4.0. Upgrade to v0.4.0 or later to resolve the vulnerability.
Upgrade significant-gravitas/autogpt to version v0.4.0 or later. As a temporary workaround, reject URLs with userinfo or backslashes in the authority, restrict the hosts autogpt may fetch, and block egress to internal address ranges.
No widespread exploitation has been confirmed and the EPSS score is low (0.10%), but the bypass is simple to attempt, so continuous monitoring of outbound requests from autogpt instances is recommended.
Refer to the significant-gravitas/autogpt project's official repository or website for the latest security advisories and release notes.