PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-32424 Significant-Gravitas CVE debrief

CVE-2025-32424 is a high-severity vulnerability in AutoGPT, a workflow automation platform, that can lead to a Denial of Service (DoS) attack. The vulnerability exists in versions prior to 0.6.63 and is caused by the `ScreenshotWebPageBlock` storing captured screenshots in a temporary directory without limiting disk space consumption. When combined with the `StepThroughItemsBlock`, which allows unlimited loops, a malicious user can cause the disk space to run out, leading to a DoS. The vendor has patched this issue in version 0.6.63.

Vendor
Significant-Gravitas
Product
AutoGPT
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-18
Advisory published
2026-06-18
Advisory updated
2026-06-18

Who should care

Users of AutoGPT versions prior to 0.6.63 should be aware of this high-severity vulnerability and take immediate action to patch their installations. Security teams and administrators responsible for maintaining AutoGPT installations should prioritize patching to prevent potential DoS attacks.

Technical summary

The vulnerability is caused by the `ScreenshotWebPageBlock` storing captured screenshots in a temporary directory without limiting disk space consumption. The `StepThroughItemsBlock` allows unlimited loops, which can be used to repeatedly execute the `ScreenshotWebPageBlock`, leading to excessive disk space consumption and a potential DoS attack. The vendor has patched this issue in version 0.6.63 by implementing limits on disk space consumption.

Defensive priority

High

Recommended defensive actions

  • Patch AutoGPT installations to version 0.6.63 or later
  • Limit access to the AutoGPT platform to trusted users
  • Monitor disk space consumption and system logs for suspicious activity
  • Implement compensating controls, such as rate limiting or IP blocking, to prevent potential DoS attacks
  • Review system configurations and ensure that AutoGPT is properly secured
  • Verify that all AutoGPT installations are up-to-date and patched
  • Track and monitor system performance to detect potential security incidents

Evidence notes

The CVE record was published on 2026-06-18T17:16:26.667Z and has not been modified since then. The NVD entry is currently Deferred. The vendor has provided a security advisory on GitHub, which describes the vulnerability and provides a patch.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T17:16:26.667Z and has not been modified since then. The NVD entry is currently Deferred.