PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-32392 Significant-Gravitas CVE debrief

CVE-2025-32392 is a high-severity vulnerability in AutoGPT, a workflow automation platform for creating and managing AI agents. The vulnerability exists in the LoopVideoBLock feature, which accepts a video file and processes it without any resource allocation limits. Because the number of loops is unbounded, a request for a very large loop count produces an excessively large output file that exhausts disk space, leading to a denial of service (DoS). The vulnerability has a CVSS score of 8.7 and is patched in version 0.6.63.

Vendor: Significant-Gravitas
Product: AutoGPT
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-18
Original CVE updated: 2026-06-18
Advisory published: 2026-06-18
Advisory updated: 2026-06-18

Who should care

Users of AutoGPT, especially those who manage AI agents and workflow automation, should be aware of this vulnerability and take immediate action to patch their systems. Security teams and administrators responsible for monitoring and maintaining AI infrastructure should prioritize patching to prevent potential DoS attacks.

Technical summary

The vulnerability in AutoGPT's LoopVideoBLock feature allows users to input a video file and process it without any limits on resource allocation. Specifically, the number of loops is user-controllable and unlimited, so the output grows in proportion to the requested loop count and can become excessively large. When these files are written to disk, they can exhaust available disk space, causing a denial of service (DoS). The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The base metrics describe an issue reachable over the network without privileges or user interaction (AV:N/PR:N/UI:N) whose only impact is on availability (VA:H, with VC:N and VI:N); the remaining X entries are threat and environmental metrics that have not been assessed.

Defensive priority

High

Recommended defensive actions

  • Patch AutoGPT to version 0.6.63 or later
  • Limit resource allocation for the LoopVideoBLock feature
  • Monitor disk space usage on hosts running AI agent workflow automation
  • Implement input validation for video processing
  • Conduct regular security audits of AI infrastructure
  • Restrict user privileges for video processing tasks
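The technical summary and the "limit resource allocation" and "input validation" actions above describe the same defensive pattern: bound the untrusted loop count and the resulting output size before and while writing to disk. The following is an added illustrative example, not AutoGPT's code or its patch; the limits (MAX_LOOPS, MAX_OUTPUT_BYTES, FREE_SPACE_RESERVE), the LoopRequest type and the function names are assumptions chosen for the example, and byte concatenation stands in for the real video muxing step.

```python
"""Bounding a user-controlled loop count before writing looped output to disk.

Hypothetical hardening example for the unbounded-loop pattern in this debrief.
It is not AutoGPT's code: it shows the checks a video-looping block should run
before (size estimate) and during (byte budget) the write, so one request
cannot fill the disk.
"""
import os
import shutil
import tempfile
from dataclasses import dataclass

# Assumed policy limits; tune per deployment.
MAX_LOOPS = 10                         # hard cap on the user-supplied loop count
MAX_OUTPUT_BYTES = 512 * 1024 * 1024   # per-request output budget (512 MiB)
FREE_SPACE_RESERVE = 0.20              # never consume the last 20% of free space


@dataclass(frozen=True)
class LoopRequest:
    input_bytes: int   # size of the uploaded source video
    loops: int         # user-supplied, untrusted


def validate_loop_request(req: LoopRequest, *, free_bytes: int,
                          max_loops: int = MAX_LOOPS,
                          max_output_bytes: int = MAX_OUTPUT_BYTES,
                          reserve: float = FREE_SPACE_RESERVE) -> int:
    """Return the estimated output size in bytes, or raise ValueError if the
    request exceeds the loop cap, the per-request budget, or free disk space."""
    if isinstance(req.loops, bool) or not isinstance(req.loops, int):
        raise ValueError("loop count must be an integer")
    if not 1 <= req.loops <= max_loops:
        raise ValueError(f"loop count must be between 1 and {max_loops}")
    if req.input_bytes < 0:
        raise ValueError("input size must be non-negative")
    # Concatenating N copies yields roughly N times the input size.
    estimated = req.input_bytes * req.loops
    if estimated > max_output_bytes:
        raise ValueError(f"estimated output {estimated} B exceeds budget {max_output_bytes} B")
    if estimated > int(free_bytes * (1 - reserve)):
        raise ValueError("estimated output would exhaust free disk space")
    return estimated


class BudgetExceeded(RuntimeError):
    """Raised when the writer would pass its byte budget."""


def write_looped(source: bytes, loops: int, out_path: str, budget_bytes: int) -> int:
    """Write `loops` copies of `source` to out_path and return the bytes written.

    The pre-write estimate can be wrong (re-encoding, container overhead), so the
    writer enforces the budget itself and removes the partial file on abort."""
    written = 0
    try:
        with open(out_path, "wb") as fh:
            for _ in range(loops):
                if written + len(source) > budget_bytes:
                    raise BudgetExceeded(f"output budget {budget_bytes} B exceeded")
                fh.write(source)
                written += len(source)
    except BudgetExceeded:
        if os.path.exists(out_path):
            os.remove(out_path)
        raise
    return written


def demo(free_bytes=None) -> dict:
    """Exercise both checks with constructed inputs; free_bytes defaults to the
    real free space of the temp directory."""
    if free_bytes is None:
        free_bytes = shutil.disk_usage(tempfile.gettempdir()).free
    results = {}
    results["estimate"] = validate_loop_request(
        LoopRequest(input_bytes=1_000_000, loops=3), free_bytes=free_bytes)
    try:  # the unbounded request the debrief describes is rejected at the cap
        validate_loop_request(LoopRequest(input_bytes=1_000_000, loops=10_000),
                              free_bytes=free_bytes)
        results["unbounded_rejected"] = False
    except ValueError:
        results["unbounded_rejected"] = True
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "out.bin")
        results["written"] = write_looped(b"x" * 1024, 4, path, budget_bytes=8192)
        try:
            write_looped(b"x" * 1024, 100, path, budget_bytes=8192)
            results["writer_aborted"] = False
        except BudgetExceeded:
            # aborted and the partial file was cleaned up
            results["writer_aborted"] = not os.path.exists(path)
    return results


if __name__ == "__main__":
    print(demo())
```

The two layers are deliberate: the estimate rejects obviously oversized requests before any work is done, and the budgeted writer is the backstop for the case where the estimate is off, since the output size of a real encoder is not always a clean multiple of the input. Monitoring for the second layer firing is a useful detection signal for abuse attempts.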

Evidence notes

The vulnerability is confirmed by the CVE record and NVD detail pages. The source item URL provides additional context on the vulnerability's modification dates. A security advisory from GitHub (GHSA-267x-8jx3-gg6w) also discusses this vulnerability.
