CVE-2025-32437: CWE-400: Uncontrolled Resource Consumption in Significant-Gravitas AutoGPT
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting before all noded are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `MediaDurationBlock ` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
AI Analysis
Technical Summary
AutoGPT versions before 0.6.63 contain a vulnerability where the MediaDurationBlock component downloads and stores video files in a temporary directory but does not delete them after processing. The StepThroughItemsBlock can iterate over MediaDurationBlock multiple times without limiting the number of loops. This combination allows a malicious user to cause uncontrolled disk space consumption by repeatedly triggering video downloads, eventually exhausting disk resources and causing a denial of service condition. The vulnerability is tracked as CWE-400 (Uncontrolled Resource Consumption) and has a CVSS 4.0 score of 8.7, indicating high severity. The issue is fixed in version 0.6.63.
Potential Impact
An attacker can exploit this vulnerability to cause a denial of service by exhausting disk space on the system running AutoGPT. This occurs because temporary video files are not deleted and can accumulate indefinitely when iterated multiple times, leading to resource exhaustion and potential service disruption.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.63 or later, where this vulnerability is patched. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the versioning information indicating the fix in 0.6.63.
CVE-2025-32437: CWE-400: Uncontrolled Resource Consumption in Significant-Gravitas AutoGPT
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting before all noded are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `MediaDurationBlock ` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
CVSS v4.0
Score 8.7high
Affected software
pkg:github/significant-gravitas/AutoGPTRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
AutoGPT versions before 0.6.63 contain a vulnerability where the MediaDurationBlock component downloads and stores video files in a temporary directory but does not delete them after processing. The StepThroughItemsBlock can iterate over MediaDurationBlock multiple times without limiting the number of loops. This combination allows a malicious user to cause uncontrolled disk space consumption by repeatedly triggering video downloads, eventually exhausting disk resources and causing a denial of service condition. The vulnerability is tracked as CWE-400 (Uncontrolled Resource Consumption) and has a CVSS 4.0 score of 8.7, indicating high severity. The issue is fixed in version 0.6.63.
Potential Impact
An attacker can exploit this vulnerability to cause a denial of service by exhausting disk space on the system running AutoGPT. This occurs because temporary video files are not deleted and can accumulate indefinitely when iterated multiple times, leading to resource exhaustion and potential service disruption.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.63 or later, where this vulnerability is patched. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the versioning information indicating the fix in 0.6.63.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-04-08T10:54:58.368Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a341e7df198dc38c11fcd38
Added to database: 6/18/2026, 4:36:13 PM
Last enriched: 6/18/2026, 4:50:18 PM
Last updated: 6/19/2026, 4:25:27 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.