プラットフォーム
python
コンポーネント
autogpt
修正版
0.6.2
CVE-2025-31490 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in AutoGPT, an AI agent automation platform. This flaw allows attackers to bypass hostname validation and potentially access internal resources or services. The vulnerability impacts versions of AutoGPT prior to 0.6.1. A fix has been released in version 0.6.1.
The SSRF vulnerability in AutoGPT arises from inadequate validation of hostnames within the requests wrapper. While the code attempts to prevent SSRF by blocking requests to local IPv4 and IPv6 addresses, this check is insufficient to prevent DNS rebinding attacks. An attacker could exploit this by manipulating DNS records to resolve a hostname to an internal IP address, effectively bypassing the intended security measure. This could lead to unauthorized access to internal APIs, databases, or other sensitive resources within the AutoGPT environment. The potential blast radius depends on the internal services accessible from the AutoGPT server.
This vulnerability was publicly disclosed on 2025-04-14. There is currently no indication of active exploitation campaigns targeting AutoGPT. No public proof-of-concept (PoC) code has been released, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations and individuals deploying AutoGPT for automation tasks are at risk. Specifically, those running AutoGPT in environments with sensitive internal resources or services are particularly vulnerable. Shared hosting environments where AutoGPT is deployed alongside other applications may also be at increased risk.
• python / server:
import socket
import requests
def check_dns_rebinding(hostname):
try:
ip_address = socket.gethostbyname(hostname)
# Add checks for internal IP ranges here
if ip_address.startswith('127.0.0.') or ip_address.startswith('192.168.') or ip_address.startswith('10.0.'): #Example internal ranges
return True
return False
except socket.gaierror:
return False
# Example usage (replace with actual AutoGPT request logic)
url = 'http://example.com'
if check_dns_rebinding(url):
print(f"Potential DNS rebinding detected for {url}")• generic web:
curl -v 'http://autogpt-server/api/some-endpoint' 2>&1 | grep -i 'resolving to:'disclosure
エクスプロイト状況
EPSS
0.32% (55% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2025-31490 is to upgrade AutoGPT to version 0.6.1 or later, which includes the necessary hostname validation improvements. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests to suspicious or internal IP addresses. Additionally, review and restrict network access to the AutoGPT server, limiting its ability to make outbound requests to untrusted hosts. Regularly monitor AutoGPT logs for unusual outbound connections or DNS resolution patterns.
AutoGPTをバージョン0.6.1以降にアップデートしてください。このバージョンには、DNS Rebindingによって引き起こされるSSRFの脆弱性に対する修正が含まれています。アップデートは、Pythonのパッケージマネージャーであるpipを使用するか、AutoGPTの公式リポジトリで提供されている手順に従うことで実行できます。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-31490 is a HIGH severity SSRF vulnerability affecting AutoGPT versions prior to 0.6.1. It allows attackers to bypass hostname validation and potentially access internal resources.
You are affected if you are running AutoGPT versions 0.6.1 or earlier. Upgrade to 0.6.1 to resolve the vulnerability.
Upgrade AutoGPT to version 0.6.1 or later. As a temporary workaround, implement a WAF to block suspicious outbound requests.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the AutoGPT project's official repository and release notes for the advisory and detailed information about the fix.
requirements.txt ファイルをアップロードすると、影響の有無を即座にお知らせします。