Plateforme
python
Composant
autogpt
Corrigé dans
0.6.2
CVE-2025-31490 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in AutoGPT, an AI agent automation platform. This flaw allows attackers to bypass hostname validation and potentially access internal resources or services. The vulnerability impacts versions of AutoGPT prior to 0.6.1. A fix has been released in version 0.6.1.
The SSRF vulnerability in AutoGPT arises from inadequate validation of hostnames within the requests wrapper. While the code attempts to prevent SSRF by blocking requests to local IPv4 and IPv6 addresses, this check is insufficient to prevent DNS rebinding attacks. An attacker could exploit this by manipulating DNS records to resolve a hostname to an internal IP address, effectively bypassing the intended security measure. This could lead to unauthorized access to internal APIs, databases, or other sensitive resources within the AutoGPT environment. The potential blast radius depends on the internal services accessible from the AutoGPT server.
This vulnerability was publicly disclosed on 2025-04-14. There is currently no indication of active exploitation campaigns targeting AutoGPT. No public proof-of-concept (PoC) code has been released, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations and individuals deploying AutoGPT for automation tasks are at risk. Specifically, those running AutoGPT in environments with sensitive internal resources or services are particularly vulnerable. Shared hosting environments where AutoGPT is deployed alongside other applications may also be at increased risk.
• python / server:
import socket
import requests
def check_dns_rebinding(hostname):
try:
ip_address = socket.gethostbyname(hostname)
# Add checks for internal IP ranges here
if ip_address.startswith('127.0.0.') or ip_address.startswith('192.168.') or ip_address.startswith('10.0.'): #Example internal ranges
return True
return False
except socket.gaierror:
return False
# Example usage (replace with actual AutoGPT request logic)
url = 'http://example.com'
if check_dns_rebinding(url):
print(f"Potential DNS rebinding detected for {url}")• generic web:
curl -v 'http://autogpt-server/api/some-endpoint' 2>&1 | grep -i 'resolving to:'disclosure
Statut de l'Exploit
EPSS
0.32% (percentile 55%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-31490 is to upgrade AutoGPT to version 0.6.1 or later, which includes the necessary hostname validation improvements. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests to suspicious or internal IP addresses. Additionally, review and restrict network access to the AutoGPT server, limiting its ability to make outbound requests to untrusted hosts. Regularly monitor AutoGPT logs for unusual outbound connections or DNS resolution patterns.
Mettez à jour AutoGPT à la version 0.6.1 ou supérieure. Cette version contient une correction pour la vulnérabilité de SSRF causée par DNS Rebinding. La mise à jour peut être effectuée à l'aide du gestionnaire de paquets Python, pip, ou en suivant les instructions fournies dans le référentiel officiel d'AutoGPT.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-31490 is a HIGH severity SSRF vulnerability affecting AutoGPT versions prior to 0.6.1. It allows attackers to bypass hostname validation and potentially access internal resources.
You are affected if you are running AutoGPT versions 0.6.1 or earlier. Upgrade to 0.6.1 to resolve the vulnerability.
Upgrade AutoGPT to version 0.6.1 or later. As a temporary workaround, implement a WAF to block suspicious outbound requests.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the AutoGPT project's official repository and release notes for the advisory and detailed information about the fix.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.