AutoGPT Server-Side Request Forgery Vulnerability in Web Request Component
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in AutoGPT versions prior to autogpt-platform-beta-v0.4.2. The issue arises in the 'Send Web Request' component, whose destination filtering does not properly restrict IPv6 addresses. This gap allows an attacker to direct the component's requests to IPv6 services, potentially reaching internal resources or services that should be protected.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal services or resources, bypassing network restrictions.
Reproduction
To reproduce this vulnerability, create a workflow in AutoGPT that includes the 'Send Web Request' component. When the workflow is executed, the component can be manipulated to send requests to internal IPv6 addresses, which the application's default security measures do not block. A request targeting an IPv6 service therefore passes the filter that would have rejected the equivalent IPv4 destination.
Remediation
Update to AutoGPT version autogpt-platform-beta-v0.4.2 or later, where this vulnerability has been fixed.
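The defect class described above, as an added illustration that is not AutoGPT's code and does not reproduce its actual fix: a constructed destination filter that only understands IPv4 literals (so an IPv6 target such as ::1 passes untouched), beside a hardened version that checks both address families, unwraps IPv4-mapped IPv6 addresses, and validates every address a hostname resolves to. The hostnames internal.example and public.example used in the test are constructed placeholders; the resolver argument is a hypothetical hook so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def is_allowed_ipv4_only(host: str) -> bool:
    """Weak filter (constructed): only IPv4 literals are checked, anything else passes."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return True  # an IPv6 literal such as "::1" lands here and is allowed: the bug
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def _blocked(ip) -> bool:
    """True for any address that must never be a web-request destination."""
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the embedded IPv4 address is checked.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def is_allowed(host: str, resolver=socket.getaddrinfo) -> bool:
    """Hardened filter: IPv4 and IPv6 literals, plus every address a hostname resolves to."""
    host = host.strip("[]")  # IPv6 literals appear bracketed in URLs
    try:
        return not _blocked(ipaddress.ip_address(host))
    except ValueError:
        pass  # not an address literal, so resolve it
    try:
        infos = resolver(host, None)
    except OSError:  # socket.gaierror is an OSError; unresolvable means deny
        return False
    addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    # Deny if nothing resolved or if any returned address is internal (dual-stack hosts).
    return bool(addrs) and not any(_blocked(a) for a in addrs)


def is_allowed_url(url: str, resolver=socket.getaddrinfo) -> bool:
    """Apply the hardened check to a full URL; only http(s) with a host is accepted."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return is_allowed(parts.hostname, resolver)
```

In a real component the address that passed the check should also be the one actually connected to, so that a DNS answer cannot change between validation and the request.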
