Platform: python
Component: autogpt
Fixed in: 0.6.2
CVE-2025-31490 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in AutoGPT, an AI agent automation platform. This flaw allows attackers to bypass hostname validation and potentially access internal resources or services. The vulnerability impacts versions of AutoGPT prior to 0.6.1. A fix has been released in version 0.6.1.
The SSRF vulnerability in AutoGPT arises from inadequate hostname validation in its requests wrapper. The code attempts to prevent SSRF by blocking requests to local IPv4 and IPv6 addresses, but that check alone does not stop DNS rebinding: an attacker who controls a hostname's DNS records can have it resolve to an internal IP address and so bypass the intended protection. This could give unauthorized access to internal APIs, databases, or other sensitive resources reachable from the AutoGPT environment. The blast radius depends on which internal services the AutoGPT server can reach.
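As an added example (not AutoGPT's own code), the rebinding-prone "validate, then let the HTTP client resolve again" pattern is shown next to a resolve-once, pin-the-IP version. The resolver is injected so the code runs offline; the hostnames and the DNS answers are constructed for illustration.

```python
import ipaddress
from typing import Callable, List, Tuple
from urllib.parse import urlsplit, urlunsplit

Resolver = Callable[[str], List[str]]  # hostname -> list of IP strings


def is_internal(ip_str: str) -> bool:
    """True for addresses an outbound-request guard should never reach."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def naive_fetch_target(url: str, resolve: Resolver) -> str:
    """Rebinding-prone: the guard resolves once, the client resolves AGAIN."""
    host = urlsplit(url).hostname
    if any(is_internal(ip) for ip in resolve(host)):
        raise ValueError(f"blocked: {host} resolves to an internal address")
    return resolve(host)[0]  # second lookup: the attacker's DNS may now differ


def pinned_fetch_target(url: str, resolve: Resolver) -> Tuple[str, str]:
    """Resolve once, validate every answer, connect only to the checked IP."""
    parts = urlsplit(url)
    host = parts.hostname
    answers = resolve(host)
    if not answers:
        raise ValueError(f"blocked: {host} did not resolve")
    for ip in answers:
        if is_internal(ip):
            raise ValueError(f"blocked: {host} resolves to internal {ip}")
    ip = answers[0]
    literal = f"[{ip}]" if ":" in ip else ip  # IPv6 literals need brackets
    netloc = literal if parts.port is None else f"{literal}:{parts.port}"
    pinned = urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))
    return pinned, host  # send the original name as the Host header


class RebindingResolver:
    """Constructed attacker DNS: a public answer first, loopback afterwards."""
    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, host: str) -> List[str]:
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["127.0.0.1"]
```

With the pinned form the checked address is the one connected to, so a later change of the DNS answer has no effect; TLS clients must then verify the certificate against the original hostname, not the IP literal.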
This vulnerability was publicly disclosed on 2025-04-14. There is currently no indication of active exploitation campaigns targeting AutoGPT. No public proof-of-concept (PoC) code has been released, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.32% (55th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-31490 is to upgrade AutoGPT to version 0.6.1 or later, which includes the necessary hostname validation improvements. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests to suspicious or internal IP addresses. Additionally, review and restrict network access to the AutoGPT server, limiting its ability to make outbound requests to untrusted hosts. Regularly monitor AutoGPT logs for unusual outbound connections or DNS resolution patterns.
Update AutoGPT to version 0.6.1 or higher. This version contains a fix for the SSRF vulnerability caused by DNS Rebinding. The update can be performed using the Python package manager, pip, or following the instructions provided in the official AutoGPT repository.
CVE-2025-31490 is a HIGH severity SSRF vulnerability affecting AutoGPT versions prior to 0.6.1. It allows attackers to bypass hostname validation and potentially access internal resources.
You are affected if you are running AutoGPT versions 0.6.1 or earlier. Upgrade to 0.6.1 to resolve the vulnerability.
Upgrade AutoGPT to version 0.6.1 or later. As a temporary workaround, implement a WAF to block suspicious outbound requests.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the AutoGPT project's official repository and release notes for the advisory and detailed information about the fix.