CVE-2025-32423
Status: Received - Intake
Memory Exhaustion in AutoGPT via ExtractTextInformationBlock

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock: a malicious user can supply input that the block expands to many times its original size. For example, according to the advisory, an input of about 10 KB can drive the server to consume roughly 50 GB of memory, eventually exhausting memory and resulting in DoS. This vulnerability is fixed in 0.6.32.
Affected Vendors & Products
2 associated CPEs

Vendor                 Product                  Version / Range
significant_gravitas   autogpt                  < 0.6.32
significant_gravitas   autogpt_platform_beta    < 0.6.32
CWE
CWE-770 (Allocation of Resources Without Limits or Throttling): The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

CVE-2025-32423 is a denial-of-service (DoS) vulnerability in the AutoGPT platform, specifically in the ExtractTextInformationBlock component.

The vulnerability is caused by a user-controlled regular expression (together with the selected capture group) whose extracted output can grow with O(n^2) complexity in the input length, so the memory needed to hold the results far exceeds the size of the input.

For example, the advisory reports that a 10,000-character input may drive the server to consume up to 50 GB of memory, because the uncontrolled pattern and group selection amplify the extracted output quadratically rather than linearly.

This memory exhaustion results in a denial-of-service condition, making the system unavailable.

The vulnerability affects versions of autogpt-platform-beta up to v0.6.31 and was fixed in version 0.6.32.

Impact Analysis

This vulnerability can impact you by causing a denial-of-service (DoS) condition on the AutoGPT platform.

An attacker can exploit the vulnerability by sending specially crafted input that causes the server to consume excessive memory, potentially up to 50GB for a 10,000 character input.

This memory exhaustion can lead to system crashes, degraded performance, or unavailability of the service, disrupting normal operations.

Detection Guidance

This vulnerability can be detected by monitoring for unusually high memory consumption by the AutoGPT service, especially while it processes large or complex text inputs. Because the issue arises from a user-controlled regular expression whose output grows quadratically with the input, memory spikes during text-extraction operations are the key runtime indicator; note that such monitoring only reveals an attack in progress, whereas the version check below tells you whether the deployment is exposed at all.

Additionally, checking the version of AutoGPT or autogpt-platform-beta installed on your system can help identify if the vulnerable version (prior to 0.6.32) is in use.

  • Check the installed version. How you do this depends on the deployment; for a pip-installed package, for example:
    ```bash
    autogpt --version   # or: pip show autogpt
    ```
  • Watch the memory use of the AutoGPT process while it runs (the process name depends on how the service is launched), for example:
    ```bash
    top -p "$(pidof autogpt)"   # or: ps aux | grep autogpt
    ```
  • Check logs for any signs of memory exhaustion (out-of-memory kills, crashes) during text-extraction operations.
Mitigation Strategies

The immediate and most effective mitigation is to upgrade AutoGPT or autogpt-platform-beta to version 0.6.32 or later, where this vulnerability has been fixed.

Until the upgrade can be performed, restrict who may supply the pattern and group used by the ExtractTextInformationBlock component (the amplification is driven by the pattern, not only by the size of the text), and bound the size of text passed to it, so that excessively large or maliciously crafted inputs cannot trigger the memory exhaustion.

Additionally, monitor system memory usage closely and impose resource limits (a memory cap on the service process or container) and limits on the amount of output a text-extraction operation may produce, so that a single request cannot take down the host.
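The following is an added illustration of the mechanism described in the Executive Summary and of the output limit recommended above. It is not AutoGPT's code and does not reproduce the project's actual pattern handling: `extract_all` is a hypothetical extractor modelled on the advisory's description (a caller-supplied pattern and capture group applied to a text), the lookahead pattern `(?=(a*))` is a constructed input chosen because a zero-width lookahead with a capture group matches at every offset and captures the whole remaining suffix each time, and `extract_all_bounded` is one way to add a budget. The caps and their defaults are assumptions for this example.

```python
import re
from typing import Optional


def extract_all(text: str, pattern: str, group: int = 0) -> list[str]:
    """Hypothetical unbounded extractor (constructed for this example, not
    AutoGPT's code): run a caller-supplied pattern over the text and return
    the selected capture group of every match."""
    return [m.group(group) or "" for m in re.finditer(pattern, text)]


def extraction_stats(text: str, pattern: str, group: int = 0) -> tuple[int, int]:
    """Return (number of matches, total characters extracted) so the
    amplification of input size to output size can be measured."""
    out = extract_all(text, pattern, group)
    return len(out), sum(len(s) for s in out)


def extract_all_bounded(
    text: str,
    pattern: str,
    group: int = 0,
    max_matches: int = 10_000,
    max_total_chars: Optional[int] = None,
) -> list[str]:
    """Same contract as extract_all, but with a budget on the output.

    The caps are assumed values for this example. They are checked on every
    match so the loop stops as soon as the budget is exceeded; the default
    output budget is linear in the input size, which is all a well-behaved
    extraction should need. The group index is validated up front so a bad
    request fails before any work is done.
    """
    if max_total_chars is None:
        max_total_chars = 2 * len(text) + 4096
    compiled = re.compile(pattern)
    if not 0 <= group <= compiled.groups:
        raise ValueError(f"group {group} does not exist in pattern")
    results: list[str] = []
    total = 0
    for n, m in enumerate(compiled.finditer(text), start=1):
        if n > max_matches:
            raise ValueError(f"more than {max_matches} matches; refusing to continue")
        piece = m.group(group) or ""
        total += len(piece)
        if total > max_total_chars:
            raise ValueError(f"extracted output exceeds {max_total_chars} characters")
        results.append(piece)
    return results


if __name__ == "__main__":
    text = "a" * 1000  # constructed input
    # The pattern is zero-width, so it matches at all n+1 offsets, and the
    # capture group takes the remaining suffix each time: output length is
    # n(n+1)/2, quadratic in the input.
    n_matches, total = extraction_stats(text, r"(?=(a*))", group=1)
    print(f"{len(text)} chars in -> {n_matches} matches, {total} chars out")
    try:
        extract_all_bounded(text, r"(?=(a*))", group=1)
    except ValueError as exc:
        print("bounded extractor refused:", exc)
    # A benign pattern on benign text is unaffected by the budget.
    print(extract_all_bounded("order 1, order 22, order 333", r"\d+"))
```

The budget bounds how much output a single extraction may materialise, which is the resource this CVE exhausts; it does not bound matching time, since Python's `re` module has no timeout, so a CPU-time limit on the worker is still needed as a separate control.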
