Platform
python
Component
requests
Fixed version
v0.4.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Requests utility within significant-gravitas/autogpt versions prior to v0.4.0. This flaw stems from a hostname confusion between urllib.parse and the requests library, allowing attackers to bypass SSRF checks. Affected users should immediately upgrade to version v0.4.0 to mitigate this risk.
The SSRF vulnerability in significant-gravitas/autogpt allows a malicious user to craft a specially designed URL, such as http://localhost:\@google.com/../, to bypass the intended SSRF protection. Successful exploitation enables an attacker to make requests to internal resources that are otherwise inaccessible from the outside. This could include accessing sensitive data stored on internal servers, interacting with internal APIs, or even potentially gaining access to cloud metadata services. The blast radius extends to any internal service reachable from the autogpt instance, posing a significant risk to the confidentiality and integrity of the system.
This vulnerability was publicly disclosed on 2025-03-20. While no public proof-of-concept (PoC) has been widely reported, the SSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely medium, indicating a moderate probability of exploitation given the ease of exploitation and potential impact. It is not currently listed on the CISA KEV catalog.
Organizations using significant-gravitas/autogpt in environments with internal services or cloud metadata exposure are at risk. Specifically, deployments where autogpt is granted broad network access or interacts with sensitive internal APIs are particularly vulnerable. Shared hosting environments utilizing autogpt also pose a risk, as a compromised autogpt instance could potentially be used to attack other tenants on the same server.
• python / server:
    import re

    # Naive string match for the hostname-confusion pattern quoted above.
    # In a regular expression '\@' is simply a literal '@', so this matches
    # the exact text 'localhost:@' and nothing more general.
    def check_request_url(url):
        if re.search(r'localhost:\@', url):
            return True
        return False

    # Example usage
    url = input("Enter the URL: ")
    if check_request_url(url):
        print("Potential SSRF vulnerability detected!")
    else:
        print("URL appears safe.")
• linux / server: journalctl filters for requests to unusual hostnames (e.g., journalctl | grep 'localhost:\@').
• generic web: Check access logs for requests containing localhost:\@ or similar hostname manipulation patterns.
disclosure
Exploit status
EPSS
0.10% (27th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-0454 is to upgrade significant-gravitas/autogpt to version v0.4.0 or later, which contains the fix. If upgrading immediately is not feasible, consider placing a Web Application Firewall (WAF) or proxy in front of the instance to filter out URLs that carry hostname manipulation such as the `:\@` userinfo trick shown above. Additionally, review and restrict the URL schemes and domains that autogpt is permitted to access. Monitor network traffic for unusual outbound requests originating from the autogpt instance.
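The advisory attributes the bypass to urllib.parse and the requests library disagreeing about which host a URL names. The following added example (written for this page, not code from the AutoGPT project) shows the urllib.parse side of that disagreement on the exact URL shape quoted above, and then a stricter outbound-URL validator of the kind the mitigation paragraph recommends: it rejects ambiguous authorities (backslashes, userinfo) outright, restricts schemes, and resolves the host so that loopback, private, link-local and other non-public addresses are refused before any request is made. The resolver is injectable; `FAKE_DNS` and its addresses are constructed so the example runs offline.

```python
"""Added example, not AutoGPT's code: why a hostname-only SSRF check is
fragile, and a stricter validator that refuses ambiguous URLs outright."""
import ipaddress
import socket
from urllib.parse import urlsplit

# The URL shape quoted in the advisory (constructed sample input).
CONFUSING_URL = "http://localhost:\\@google.com/../"

# Constructed offline resolver so the example runs without DNS. Real
# deployments would pass system_resolver (or leave the default).
FAKE_DNS = {
    "google.com": ["142.250.80.46"],      # constructed public address
    "localhost": ["127.0.0.1"],
    "internal.example": ["10.0.0.5"],     # constructed private service
}


def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])


def system_resolver(hostname):
    """Resolve with the OS resolver and return every A/AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def raw_authority(url):
    """The authority exactly as written, before any host extraction."""
    return urlsplit(url).netloc


def parsed_hostname(url):
    """What urllib.parse reports as the host: the text after the last '@'."""
    return urlsplit(url).hostname


def is_blocked_address(ip_text):
    """True for any address that is not plain public unicast."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 is still loopback
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_outbound_url(url, resolver=system_resolver):
    """Return (ok, reason). Decides before any HTTP client touches the URL."""
    # Characters that different URL parsers treat differently are rejected
    # rather than interpreted, so no parser gets a chance to disagree.
    if any(ch in url for ch in "\\\t\r\n"):
        return False, "backslash or control character in URL"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if "@" in parts.netloc:
        return False, "userinfo in authority: host is ambiguous"
    hostname = parts.hostname
    if not hostname:
        return False, "no hostname"
    try:
        parts.port                       # raises ValueError if malformed
    except ValueError:
        return False, "malformed port"
    # IP literals need no lookup; names are resolved and every answer checked.
    try:
        addresses = [str(ipaddress.ip_address(hostname))]
    except ValueError:
        addresses = resolver(hostname)
    if not addresses:
        return False, f"{hostname} does not resolve"
    for ip_text in addresses:
        if is_blocked_address(ip_text):
            return False, f"{hostname} resolves to non-public {ip_text}"
    return True, "ok"


if __name__ == "__main__":
    print("authority:", raw_authority(CONFUSING_URL))
    print("urllib.parse hostname:", parsed_hostname(CONFUSING_URL))
    for candidate in (CONFUSING_URL, "http://google.com/",
                      "http://internal.example/api", "http://[::1]/"):
        print(candidate, "->", validate_outbound_url(candidate, fake_resolver))
```

Two points are worth noting. First, a check that trusts `urlsplit(url).hostname` sees `google.com` for the quoted URL even though the authority literally starts with `localhost:`; refusing backslashes and userinfo removes that ambiguity instead of trying to reconcile parsers. Second, resolving in the validator and again in the HTTP client leaves a time-of-check/time-of-use window (DNS rebinding); the resolver check is a useful layer, but egress filtering at the network level, or pinning the connection to the validated address, is what closes that gap.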
Update the Requests library to version 0.4.0 or later; this fixes the SSRF vulnerability. You can update with `pip install --upgrade requests`.
CVE-2025-0454 is a Server-Side Request Forgery (SSRF) vulnerability in significant-gravitas/autogpt versions prior to v0.4.0, allowing attackers to bypass SSRF checks and potentially access internal resources.
You are affected if you are using significant-gravitas/autogpt versions prior to v0.4.0. Upgrade to v0.4.0 to resolve the vulnerability.
Upgrade significant-gravitas/autogpt to version v0.4.0 or later. Consider implementing WAF rules or restricting URL access as a temporary workaround.
While no widespread exploitation has been confirmed, the ease of exploitation suggests a potential for active campaigns. Continuous monitoring is recommended.
Refer to the significant-gravitas/autogpt project's official repository or website for the latest security advisories and release notes.