PatchSiren cyber security CVE debrief
CVE-2025-32424 Significant-Gravitas CVE debrief
CVE-2025-32424 is a high-severity vulnerability in AutoGPT, a workflow automation platform, that can lead to a Denial of Service (DoS) attack. The vulnerability exists in versions prior to 0.6.63 and is caused by the `ScreenshotWebPageBlock` storing captured screenshots in a temporary directory without limiting disk space consumption. When combined with the `StepThroughItemsBlock`, which allows unlimited loops, a malicious user can cause the disk space to run out, leading to a DoS. The vendor has patched this issue in version 0.6.63.
- Vendor
- Significant-Gravitas
- Product
- AutoGPT
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-18
Who should care
Users of AutoGPT versions prior to 0.6.63 should be aware of this high-severity vulnerability and take immediate action to patch their installations. Security teams and administrators responsible for maintaining AutoGPT installations should prioritize patching to prevent potential DoS attacks.
Technical summary
The vulnerability is caused by the `ScreenshotWebPageBlock` storing captured screenshots in a temporary directory without limiting disk space consumption. The `StepThroughItemsBlock` allows unlimited loops, which can be used to repeatedly execute the `ScreenshotWebPageBlock`, leading to excessive disk space consumption and a potential DoS attack. The vendor has patched this issue in version 0.6.63 by implementing limits on disk space consumption.
Defensive priority
High
Recommended defensive actions
- Patch AutoGPT installations to version 0.6.63 or later
- Limit access to the AutoGPT platform to trusted users
- Monitor disk space consumption and system logs for suspicious activity
- Implement compensating controls, such as rate limiting or IP blocking, to prevent potential DoS attacks
- Review system configurations and ensure that AutoGPT is properly secured
- Verify that all AutoGPT installations are up-to-date and patched
- Track and monitor system performance to detect potential security incidents
Evidence notes
The CVE record was published on 2026-06-18T17:16:26.667Z and has not been modified since then. The NVD entry is currently Deferred. The vendor has provided a security advisory on GitHub, which describes the vulnerability and provides a patch.
Official resources
-
CVE-2025-32424 CVE record
CVE.org
-
CVE-2025-32424 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T17:16:26.667Z and has not been modified since then. The NVD entry is currently Deferred.