AVID-2026-R1657

Description

AutoGPT SSRF vulnerability (CVE-2025-22603)

Details

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) Send Web Request. The root cause is that IPV6 address is not restricted or filtered, which allows attackers to perform a server side request forgery to visit an IPV6 service. autogpt-platform-beta-v0.4.2 fixes the issue.

Reason for inclusion in AVID: CVE-2025-22603 describes a server-side request forgery (SSRF) in AutoGPT platform prior to v0.4.2. AutoGPT is an AI platform used to create, deploy, and manage AI agents, i.e., software involved in building and running AI workflows. This is a software vulnerability affecting a component in the AI software stack, with clear references (CVE/NVD/advisories). It fits AI-related and GPAI supply chain criteria (software components used to build/deploy AI systems).

References

• NVD entry
• https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4c8v-hwxc-2356
• https://github.com/Significant-Gravitas/AutoGPT/commit/26214e1b2c6777e0fae866642b23420adaadd6c4
• https://boatneck-faucet-cba.notion.site/SSRF-of-AutoGPT-153b650a4d88804d923ad65a015a7d61
• https://github.com/Significant-Gravitas/AutoGPT/blob/2121ffd06b26a438706bf642372cc46d81c94ddc/autogpt_platform/backend/backend/util/request.py#L11

Affected or Relevant Artifacts

• Developer: OpenAI
• Deployer: OpenAI
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-03-10
• Version: 0.3.3
• AVID Entry