CVE-2025-32393 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the AutoGPT platform developed by Significant-Gravitas. AutoGPT enables users to deploy continuous AI agents automating complex workflows, including RSS feed parsing via the ReadRSSFeedBlock component. The vulnerability arises because the feedparser.parser function processes XML feeds from user-supplied URLs without imposing any constraints on parsing duration or memory consumption. An attacker can exploit this by submitting a maliciously crafted XML feed with deep nesting or excessive complexity, which causes the parser to consume excessive memory and CPU resources. This resource exhaustion leads to a denial-of-service condition, rendering the AutoGPT service unavailable or crashing it. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no privileges or user interaction required, and a high impact on availability. The issue was addressed and patched in autogpt-platform-beta-v0.6.32, which introduced limits on resource allocation during XML parsing to prevent exhaustion. No known exploits have been reported in the wild as of now, but the vulnerability poses a significant risk to organizations relying on AutoGPT for AI automation tasks.

For European organizations, the primary impact of CVE-2025-32393 is the potential disruption of AI-driven automation workflows that utilize AutoGPT, particularly those involving RSS feed ingestion or similar XML parsing tasks. A successful attack can cause service outages, impacting business continuity and operational efficiency. Organizations in sectors such as finance, manufacturing, telecommunications, and media—where AI automation is increasingly integrated—may experience degraded service availability or downtime. This can lead to financial losses, reputational damage, and reduced trust in AI systems. Additionally, the denial-of-service condition could be leveraged as part of a broader attack strategy to distract or disable critical AI services. Since the vulnerability does not compromise confidentiality or integrity, the main concern is availability. The lack of authentication or user interaction requirements makes it easier for attackers to exploit remotely, increasing the threat surface for European enterprises using vulnerable versions of AutoGPT.

1. Immediately upgrade all AutoGPT deployments to autogpt-platform-beta-v0.6.32 or later, which contains the patch that enforces resource limits during XML parsing. 2. Implement network-level filtering or input validation to restrict or sanitize RSS feed URLs and XML content before processing, blocking feeds with suspiciously deep nesting or excessive size. 3. Deploy runtime monitoring and alerting on resource usage metrics (memory, CPU) for AutoGPT processes to detect abnormal spikes indicative of exploitation attempts. 4. Use containerization or sandboxing to isolate AutoGPT instances, limiting the impact of potential DoS attacks on other systems. 5. Establish rate limiting on API endpoints that accept feed URLs to reduce the risk of automated exploitation. 6. Conduct regular security assessments and penetration testing focused on AI automation components to identify similar resource exhaustion vulnerabilities. 7. Maintain up-to-date threat intelligence feeds to monitor for emerging exploits targeting AutoGPT or related AI platforms.