PatchSiren cyber security CVE debrief
CVE-2025-32425 Significant-Gravitas CVE debrief
CVE-2025-32425 is a medium-severity denial-of-service vulnerability in AutoGPT Platform, published 2026-05-13 and last modified 2026-05-26. The issue stems from unbounded container log growth in Docker deployments: execution output is captured to stdout/stderr and stored as container logs without size limits. Under high user access volume, logs can exhaust server disk resources, causing DoS. The vulnerability affects versions prior to 0.6.32; the fix in autogpt-platform-beta-v0.6.32 implements log size constraints. The CVSS 4.0 vector indicates a local attack vector with low attack complexity and low availability impact. The root cause maps to CWE-770 (Allocation of Resources Without Limits or Throttling).
- Vendor: Significant-Gravitas
- Product: AutoGPT
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-13
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-13
- Advisory updated: 2026-05-26
Who should care
Organizations running AutoGPT Platform in containerized/Docker deployments, particularly those with high user concurrency or production workloads where disk exhaustion would impact availability.
Technical summary
The AutoGPT Platform writes execution output to the console (stdout/stderr), which Docker captures as container logs. Prior to version 0.6.32, no log size limits were enforced during container deployment. Sustained high user access volume produces unchecked log growth, leading to disk resource exhaustion and denial of service. The fix in version 0.6.32 introduces log size constraints to prevent unbounded growth.
Defensive priority
medium
Recommended defensive actions
- Upgrade AutoGPT Platform to version 0.6.32 or later to obtain log size limiting controls
- Review Docker logging configuration in container deployments to implement log rotation and size limits
- Monitor disk utilization on AutoGPT Platform servers for anomalous log growth
- Apply resource quotas and log retention policies at the container orchestration level as defense in depth
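One way to carry out the logging-configuration review above, as an added example (not code from the AutoGPT project or the advisory): it reads `docker inspect` JSON and reports, per container using the `json-file` driver, the worst-case log size on disk or that none is set. The sample input and container names are constructed; `max-size` and `max-file` are the standard Docker logging options.

```python
import json
import re

# Constructed sample of `docker inspect <containers>` output, trimmed to the
# fields used here. Container names are hypothetical.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/executor-1",
     "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
    {"Name": "/rest-server-1",
     "HostConfig": {"LogConfig": {"Type": "json-file",
                                  "Config": {"max-size": "10m", "max-file": "3"}}}},
    {"Name": "/db-1",
     "HostConfig": {"LogConfig": {"Type": "local", "Config": {}}}},
])

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def size_to_bytes(value):
    """Parse a Docker size string such as '10m'; None means no usable limit."""
    m = re.fullmatch(r"(\d+)([kmg]?)b?", value.strip().lower())
    if not m or int(m.group(1)) == 0:
        return None
    return int(m.group(1)) * UNITS[m.group(2)]

def audit_log_limits(inspect_json):
    """Map container name -> worst-case log bytes on disk, or None if unbounded.

    Only json-file is audited: it keeps a single ever-growing file unless
    max-size is set. Other drivers are skipped (local rotates by default).
    """
    report = {}
    for c in json.loads(inspect_json):
        log = c.get("HostConfig", {}).get("LogConfig", {})
        if log.get("Type") != "json-file":
            continue
        opts = log.get("Config") or {}
        limit = size_to_bytes(opts.get("max-size", "-1"))
        files = int(opts.get("max-file", "1"))  # Docker keeps 1 file by default
        report[c["Name"].lstrip("/")] = limit * files if limit else None
    return report

if __name__ == "__main__":
    for name, bound in audit_log_limits(SAMPLE_INSPECT).items():
        print(name, "UNBOUNDED" if bound is None else f"<= {bound} bytes")
```

On a live host the same function can be fed the output of `docker inspect` for all running containers; any entry reported as unbounded is a candidate for the disk exhaustion described in this advisory.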
Evidence notes
Official CVE record and NVD entry confirm vulnerability details. GitHub Security Advisory GHSA-vw3v-whvp-33v5 provides vendor acknowledgment and mitigation guidance. Commit 57a06f70883ce6be18738c6ae8bb41085c71e266 contains the patch. Source code references show logging configuration and Docker Compose platform deployment settings.
Official resources
- CVE-2025-32425 CVE record (CVE.org)
- CVE-2025-32425 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: Product
- Source reference: Product
- Mitigation or vendor reference: Patch
- Mitigation or vendor reference: Exploit, Mitigation, Vendor Advisory
2026-05-13