SSRF in Significant-gravitas Autogpt
CVE-2025-22603
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contain a server-side request forgery (SSRF) v…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.002 (44.2th percentile)
Affected products
- Significant-gravitas Autogpt — versions < autogpt-platform-beta-v0.4.2
Weakness classification (CWE)
References
- https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4c8v-hwxc-2356 (x_refsource_CONFIRM)
- https://github.com/Significant-Gravitas/AutoGPT/commit/26214e1b2c6777e0fae866642b23420adaadd6c4 (x_refsource_MISC)
- https://boatneck-faucet-cba.notion.site/SSRF-of-AutoGPT-153b650a4d88804d923ad65a015a7d61 (x_refsource_MISC)
- https://github.com/Significant-Gravitas/AutoGPT/blob/2121ffd06b26a438706bf642372cc46d81c94ddc/autogpt_platform/backend/backend/util/request.py#L11 (x_refsource_MISC)