What is CVE-2025-0454 — SSRF in significant-gravitas/autogpt?

CVE-2025-0454 is a Server-Side Request Forgery (SSRF) vulnerability in significant-gravitas/autogpt versions prior to v0.4.0, allowing attackers to bypass SSRF checks and potentially access internal resources.

Am I affected by CVE-2025-0454 in significant-gravitas/autogpt?

You are affected if you are using significant-gravitas/autogpt versions ≤v0.4.0. Upgrade to v0.4.0 to resolve the vulnerability.

How do I fix CVE-2025-0454 in significant-gravitas/autogpt?

Upgrade significant-gravitas/autogpt to version v0.4.0 or later. Consider implementing WAF rules or restricting URL access as a temporary workaround.

Is CVE-2025-0454 being actively exploited?

While no widespread exploitation has been confirmed, the ease of exploitation suggests a potential for active campaigns. Continuous monitoring is recommended.

Where can I find the official significant-gravitas/autogpt advisory for CVE-2025-0454?

Refer to the significant-gravitas/autogpt project's official repository or website for the latest security advisories and release notes.

CVE-2025-0454 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2025-0454 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• python / server:

import re

def check_request_url(url):
    if re.search(r'localhost:\@', url):
        return True
    return False

# Example usage
url = input("Enter the URL: ")
if check_request_url(url):
    print("Potential SSRF vulnerability detected!")
else:
    print("URL appears safe.")

• linux / server: journalctl filters for requests to unusual hostnames (e.g., journalctl | grep 'localhost:\@'). • generic web: Check access logs for requests containing localhost:\@ or similar hostname manipulation patterns.

Omisión de la verificación SSRF en la utilidad Requests en significant-gravitas/autogpt

Impacto y Escenarios de Ataquetraduciendo…

Contexto de Explotacióntraduciendo…

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workaroundstraduciendo…

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2025-0454 — SSRF in significant-gravitas/autogpt?

Am I affected by CVE-2025-0454 in significant-gravitas/autogpt?

How do I fix CVE-2025-0454 in significant-gravitas/autogpt?

Is CVE-2025-0454 being actively exploited?

Where can I find the official significant-gravitas/autogpt advisory for CVE-2025-0454?

¿Tu proyecto está afectado?

Detecta esta CVE en tu proyecto