CVE-2025-31490 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in AutoGPT, an AI agent automation platform. This flaw allows attackers to bypass hostname validation and potentially access internal resources or services. The vulnerability impacts versions of AutoGPT prior to 0.6.1. A fix has been released in version 0.6.1.
The SSRF vulnerability in AutoGPT arises from inadequate validation of hostnames within the requests wrapper. The code attempts to prevent SSRF by resolving the target hostname and rejecting local IPv4 and IPv6 addresses, but the address that passes validation is not the address the request is sent to: the HTTP client resolves the hostname a second time when it connects. That gap makes the check insufficient against DNS rebinding. An attacker who controls the DNS zone for a hostname, and sets a short TTL on its record, can answer the validation lookup with a public address and the client's lookup with an internal one, so the request reaches an internal IP despite passing the check. This could lead to unauthorized access to internal APIs, databases, or other sensitive resources reachable from the AutoGPT server. The potential blast radius depends on the internal services accessible from the AutoGPT server.
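The following is an added example, not AutoGPT's own code, showing the check-then-connect gap described above beside the fix of pinning the validated address. It runs offline: `RebindingResolver` is a constructed stand-in for an attacker-controlled DNS zone, `fake_connect` stands in for the HTTP client's TCP connect, and the IP addresses and hostname are made up. `system_resolver` is the only piece that touches the real network and is not used by the demonstration.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]
Connector = Callable[[str, str], Tuple[str, str]]


def is_internal_ip(ip: str) -> bool:
    """True for any address a server-side request must never be sent to:
    private (RFC 1918, fc00::/7), loopback, link-local (which includes the
    169.254.169.254 cloud metadata address), unspecified, multicast, reserved.
    IPv4-mapped IPv6 (::ffff:10.0.0.5) is unwrapped so it cannot be used to
    smuggle an IPv4 address past the check."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def system_resolver(hostname: str) -> List[str]:
    """Real resolver for production use: every A/AAAA answer for the name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


class RebindingResolver:
    """Constructed attacker DNS zone (not a real server): hands out the given
    answers in order, one per lookup, then keeps repeating the last one. In a
    real attack a short TTL on the record forces the second lookup."""

    def __init__(self, answers: List[str]) -> None:
        self.answers = list(answers)
        self.lookups = 0

    def __call__(self, hostname: str) -> List[str]:
        answer = self.answers[min(self.lookups, len(self.answers) - 1)]
        self.lookups += 1
        return [answer]


def fake_connect(ip: str, hostname: str) -> Tuple[str, str]:
    """Stand-in for the HTTP client's TCP connect: reports where the request
    would have gone instead of sending anything."""
    return (ip, hostname)


def fetch_vulnerable(url: str, resolve: Resolver,
                     connect: Connector = fake_connect) -> Tuple[str, str]:
    """The pattern the advisory describes: validate the hostname's address,
    then hand the *hostname* to the HTTP client, which resolves it again."""
    hostname = urlsplit(url).hostname or ""
    for ip in resolve(hostname):
        if is_internal_ip(ip):
            raise ValueError(f"blocked: {hostname} -> {ip}")
    # Second resolution happens inside the client; the attacker answers differently.
    return connect(resolve(hostname)[0], hostname)


def fetch_pinned(url: str, resolve: Resolver,
                 connect: Connector = fake_connect) -> Tuple[str, str]:
    """Hardened form: resolve once, validate every answer, and connect to the
    validated address itself. The hostname is only used for the Host header
    (and SNI for TLS), so a later DNS change cannot redirect the connection."""
    hostname = urlsplit(url).hostname or ""
    ips = resolve(hostname)
    if not ips:
        raise ValueError(f"no address for {hostname}")
    for ip in ips:
        if is_internal_ip(ip):
            raise ValueError(f"blocked: {hostname} -> {ip}")
    return connect(ips[0], hostname)


if __name__ == "__main__":
    # Constructed zone: public-looking first answer, internal second answer.
    dns = RebindingResolver(["93.184.216.34", "10.0.0.5"])
    print("vulnerable:", fetch_vulnerable("http://attacker.example/", dns))  # reaches 10.0.0.5
    dns = RebindingResolver(["93.184.216.34", "10.0.0.5"])
    print("pinned:    ", fetch_pinned("http://attacker.example/", dns))      # stays on 93.184.216.34
```

With the `requests` library, pinning for plain HTTP means substituting the validated IP for the hostname in the URL and sending the original name in the `Host` header; for HTTPS the certificate check and SNI still need the original hostname, which requires a custom transport adapter rather than a URL rewrite. Whatever client is used, the address compared against the deny-list must be the one the socket actually connects to.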
This vulnerability was publicly disclosed on 2025-04-14. There is currently no indication of active exploitation campaigns targeting AutoGPT. No public proof-of-concept (PoC) code has been released, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations and individuals deploying AutoGPT for automation tasks are at risk. Specifically, those running AutoGPT in environments with sensitive internal resources or services are particularly vulnerable. Shared hosting environments where AutoGPT is deployed alongside other applications may also be at increased risk.
• python / server:
import ipaddress
import socket
from urllib.parse import urlsplit

def resolves_to_non_public(url):
    """Resolve the URL's hostname (IPv4 and IPv6) and report whether any
    answer is a private, loopback, link-local or otherwise non-public
    address. Uses ipaddress rather than string prefixes so that 10/8,
    172.16/12, 192.168/16, 127/8, 169.254/16, ::1 and fc00::/7 are all
    covered. Note: a single lookup cannot detect rebinding; the address
    that must be checked is the one the client actually connects to."""
    hostname = urlsplit(url).hostname
    if hostname is None:
        return False
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return False
    for *_, sockaddr in infos:
        if not ipaddress.ip_address(sockaddr[0]).is_global:
            return True
    return False

# Example usage (replace with actual AutoGPT request logic)
url = 'http://example.com'
if resolves_to_non_public(url):
    print(f"URL resolves to a non-public address: {url}")
• generic web:
# Verbose output shows the address curl actually connected to
curl -v 'http://autogpt-server/api/some-endpoint' 2>&1 | grep -Ei 'trying|connected to'
EPSS: 0.32% (55th percentile)
The primary mitigation for CVE-2025-31490 is to upgrade AutoGPT to version 0.6.1 or later, which includes the hostname validation improvements. If upgrading is not immediately feasible, note that a Web Application Firewall (WAF) in front of AutoGPT only inspects inbound traffic and does not see the server-side request an SSRF triggers; the compensating control is egress filtering on the AutoGPT host or its network segment (firewall rules, security groups or network policy) that denies outbound connections to loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address) and other internal ranges, and limits outbound requests to the destinations the agent actually needs. Regularly monitor AutoGPT logs for unusual outbound connections or DNS resolution patterns, such as one hostname resolving to a public address and then to an internal one within a short interval.
Update AutoGPT to version 0.6.1 or later. This release contains the fix for the SSRF vulnerability caused by DNS rebinding. You can update with the Python package manager pip, or follow the instructions provided in the official AutoGPT repository.
CVE-2025-31490 is a HIGH severity SSRF vulnerability affecting AutoGPT versions prior to 0.6.1. It allows attackers to bypass hostname validation and potentially access internal resources.
You are affected if you are running an AutoGPT version prior to 0.6.1. Upgrade to 0.6.1 or later to resolve the vulnerability.
Upgrade AutoGPT to version 0.6.1 or later. As a temporary workaround, apply egress filtering that blocks outbound requests from the AutoGPT host to internal address ranges; a WAF on inbound traffic does not see the server-side request.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the AutoGPT project's official repository and release notes for the advisory and detailed information about the fix.