CVE-2025-32437
Denial of Service in AutoGPT via Uncontrolled Media Download

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting it before all nodes are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `MediaDurationBlock` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputting the result. When a malicious user chooses to screenshot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor                Product   Version / Range
autogpt               autogpt   up to 0.6.63 (excluding)
significant_gravitas  autogpt   up to 0.6.63 (excluding)
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

CVE-2025-32437 is a critical Denial of Service (DoS) vulnerability in the AutoGPT platform affecting versions up to 0.6.62. The vulnerability exists in the MediaDurationBlock component, which downloads and stores video files in a temporary directory but does not delete them after processing. Additionally, the StepThroughItemsBlock can iterate over MediaDurationBlock multiple times without limiting the number of loops. This combination allows a malicious user to cause disk space exhaustion by repeatedly requesting video durations, leading to a DoS condition.

Furthermore, a countdown timer can delay the agent's completion indefinitely, enabling persistent DoS attacks. The issue is related to uncontrolled resource consumption (CWE-400).

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) on the AutoGPT platform. Specifically, a malicious user can exploit the flaw to exhaust disk space by repeatedly triggering video downloads and storage without cleanup. This disk space exhaustion can cause the system to become unresponsive or fail to operate correctly.

Additionally, the vulnerability allows for indefinite delays in agent completion, which can result in persistent service disruption.

Detection Guidance

This vulnerability can be detected by monitoring disk space usage on the system where AutoGPT is running, especially in the temporary directories used by MediaDurationBlock. Unusually high or rapidly increasing disk usage may indicate exploitation attempts.

Additionally, monitoring the number of iterations or loops executed by StepThroughItemsBlock could help identify abnormal behavior, as it does not limit the number of loops.

Suggested commands to detect potential exploitation include:

  • Use disk usage commands to check for large or growing temporary files, e.g., `du -sh /path/to/temp/dir/*` or `df -h` to monitor overall disk space.
  • List recently created or modified files in the temporary directory with `ls -ltr /path/to/temp/dir` to identify accumulation of video files.
  • Monitor running AutoGPT processes and their resource consumption using commands like `top` or `ps aux | grep autogpt`.

Mitigation Strategies

The immediate mitigation step is to upgrade AutoGPT to version 0.6.63 or later, where this vulnerability has been patched.

Until the upgrade can be applied, monitor disk space closely and consider implementing manual cleanup of temporary directories used by MediaDurationBlock to prevent disk exhaustion.

Limit or restrict the usage of StepThroughItemsBlock to prevent excessive looping that could lead to resource exhaustion.

Implement monitoring and alerting for unusual disk usage patterns and process behavior related to AutoGPT.
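A check that implements the detection and interim cleanup steps above, added here as an example and not code from the AutoGPT project or the advisory: it sums the media files in the temp directory, flags those older than a configured age, and removes them. The directory path, size budget, age limit and file extensions are assumptions.

```python
import os
import time
from dataclasses import dataclass, field

# Assumption (not from the advisory): extensions of the media files the block downloads.
MEDIA_EXTENSIONS = (".mp4", ".mov", ".mkv", ".webm", ".mp3", ".wav")

@dataclass
class Report:
    total_bytes: int = 0                          # bytes held by media files
    media_files: int = 0
    stale: list = field(default_factory=list)     # files older than max_age_seconds
    over_threshold: bool = False                  # total_bytes exceeded the budget

def scan_temp_dir(path, max_total_bytes, max_age_seconds, now=None):
    """Sum media file sizes under `path` and flag files older than max_age_seconds.
    `now` is injectable so a scan is reproducible."""
    now = time.time() if now is None else now
    report = Report()
    for entry in os.scandir(path):
        # Regular files only; never follow symlinks planted in the temp dir.
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.lower().endswith(MEDIA_EXTENSIONS):
            continue
        st = entry.stat(follow_symlinks=False)
        report.media_files += 1
        report.total_bytes += st.st_size
        if now - st.st_mtime > max_age_seconds:
            report.stale.append(entry.path)
    report.over_threshold = report.total_bytes > max_total_bytes
    return report

def cleanup_stale(report):
    """Delete the stale files from a report; return the number of bytes freed."""
    freed = 0
    for p in report.stale:
        try:
            freed += os.lstat(p).st_size
            os.remove(p)
        except FileNotFoundError:
            pass  # a block still running may have removed it first
    return freed

if __name__ == "__main__":
    # Assumed path and budget; point this at the temp directory AutoGPT actually uses.
    r = scan_temp_dir("/tmp", 1 << 30, 3600)
    print(f"{r.media_files} media files, {r.total_bytes} bytes, {len(r.stale)} stale")
    if r.over_threshold:
        print(f"freed {cleanup_stale(r)} bytes")
```

Run it from cron against the directory the block writes to; the `over_threshold` flag is the signal to alert on, and `cleanup_stale` is the interim workaround until the upgrade to 0.6.63 is applied.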
