CVE-2025-32392
Deferred - Pending Action
Loop Video Block Resource Exhaustion in AutoGPT

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBlock lets users supply a video file and process it, for example by looping it 5 times or extending its duration, and then writes the result to disk. However, there is no limit on the resources that can be allocated during execution; for example, the number of loops is user-controllable and unbounded. When an attacker requests too many loops, the generated video becomes too large, and writing it to disk exhausts the available disk space, eventually causing a DoS. Version 0.6.63 patches the issue.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
| Vendor | Product | Version / Range |
| --- | --- | --- |
| autogpt | autogpt | to 0.6.63 (exc) |
| significant_gravitas | autogpt | to 0.6.63 (exc) |
| CWE ID | Description |
| --- | --- |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Executive Summary

CVE-2025-32392 is a Denial of Service (DoS) vulnerability in AutoGPT's LoopVideoBlock component. This component allows users to input a video file and process it by looping the video a user-defined number of times or extending its duration. However, there is no limit on how many times the video can be looped.

An attacker can exploit this by setting an excessively high number of loops, which causes the generated video file to become very large. When the video is written to disk, it can exhaust the available disk space, leading to a denial of service condition.

Even though temporary directories are cleaned up after execution, an attacker can delay task completion using a countdown timer, causing persistent denial of service by indefinitely postponing the cleanup.

This vulnerability is classified as Critical and is related to uncontrolled resource consumption (CWE-400). It affects versions of AutoGPT prior to 0.6.63, which includes autogpt-platform-beta-v0.6.62 and earlier.

Impact Analysis

This vulnerability can lead to a Denial of Service (DoS) condition by exhausting disk space on the system where AutoGPT is running.

If an attacker loops a video an excessively high number of times, the resulting video file can grow very large, consuming all available disk space and preventing the system or application from functioning properly.

This can disrupt normal operations, cause service outages, and potentially impact other applications or services running on the same system due to lack of disk resources.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large video files generated by AutoGPT's LoopVideoBlock component or by observing excessive disk space consumption during video processing tasks.

Specifically, detection can focus on identifying video processing jobs where the number of loops is set to an abnormally high value, which leads to large file sizes and disk exhaustion.

Commands to help detect this condition might include checking disk usage and large files in directories where AutoGPT writes video files, for example:

  • Use disk usage commands like `du -sh /path/to/autogpt/output/*` to identify large files.
  • Use `ls -lh /path/to/autogpt/output/` to list files with their sizes.
  • Monitor disk space with `df -h` to detect if disk space is being exhausted.

Additionally, reviewing AutoGPT logs or configurations to detect if the LoopVideoBlock is being invoked with a very high loop count can help identify potential exploitation.

Mitigation Strategies

The immediate mitigation step is to upgrade AutoGPT to version 0.6.63 or later, where the vulnerability has been patched by enforcing limits on resource allocation during video looping.

Until the upgrade is applied, restrict or monitor user input to the LoopVideoBlock component to prevent excessively high loop counts.

Implement disk space monitoring and alerting to detect and respond quickly to abnormal disk usage.

Consider isolating AutoGPT processes in environments with limited disk quotas or resource limits to reduce the impact of potential abuse.
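
One way to enforce the input restriction and disk headroom described above before any video is written, as an added example (not AutoGPT's code and not the 0.6.63 patch). The function names, the policy constants, and the size estimate (input size × loop count × a safety factor) are assumptions made for illustration.

```python
import math
import os
import shutil

# Assumed policy values for illustration only; tune per deployment.
MAX_LOOPS = 50
MAX_OUTPUT_BYTES = 2 * 1024**3       # largest output allowed per job
MIN_FREE_AFTER_BYTES = 5 * 1024**3   # headroom that must remain on the volume
SAFETY_FACTOR = 1.5                  # assumed allowance for re-encoding growth

class LoopRequestRejected(ValueError):
    """The requested loop job would exceed the resource policy."""

def effective_loops(clip_seconds, n_loops=None, target_seconds=None):
    """Normalise 'loop N times' or 'extend to T seconds' into a loop count."""
    if clip_seconds <= 0:
        raise LoopRequestRejected("clip duration must be positive")
    if (n_loops is None) == (target_seconds is None):
        raise LoopRequestRejected("give exactly one of n_loops or target_seconds")
    if n_loops is None:
        ratio = target_seconds / clip_seconds
        if not math.isfinite(ratio) or ratio <= 0:
            raise LoopRequestRejected("target duration must be finite and positive")
        n_loops = math.ceil(ratio)
    if isinstance(n_loops, bool) or not isinstance(n_loops, int) or n_loops < 1:
        raise LoopRequestRejected("loop count must be a positive integer")
    return n_loops

def check_loop_request(input_bytes, loops, free_bytes):
    """Return the estimated output size in bytes, or raise before any work starts."""
    if loops > MAX_LOOPS:
        raise LoopRequestRejected(f"loop count {loops} exceeds cap {MAX_LOOPS}")
    estimate = math.ceil(input_bytes * loops * SAFETY_FACTOR)
    if estimate > MAX_OUTPUT_BYTES:
        raise LoopRequestRejected(f"estimated output {estimate} B exceeds per-job cap")
    if free_bytes - estimate < MIN_FREE_AFTER_BYTES:
        raise LoopRequestRejected("job would leave too little free disk space")
    return estimate

def preflight(input_path, output_dir, clip_seconds, n_loops=None, target_seconds=None):
    """Run both checks against the real file and the real output volume."""
    loops = effective_loops(clip_seconds, n_loops, target_seconds)
    return check_loop_request(os.path.getsize(input_path), loops,
                              shutil.disk_usage(output_dir).free)
```

The check runs before processing, so a rejected request never allocates temporary files that a delayed cleanup could leave on disk.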

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
