CVE-2025-32425— AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.32 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-32425
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS
Source: NVD (National Vulnerability Database)
Vulnerability Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
AutoGPT 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT 0.6.32之前版本存在安全漏洞,该漏洞源于容器部署时日志大小无限制,可能导致磁盘资源耗尽并造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.32 | - |
II. Public POCs for CVE-2025-32425
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-32425
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: AutoGPT
- CVE-2025-41023
Authentication bypass in AutoGPT de Thesamur - CVE-2026-26020
AutoGPT Affected by Remote Code Execution via Dynamic Module - CVE-2026-26006
Redos (Regular Expression Denial of Service) at Code Extract - CVE-2025-32393
AutoGPT has a DoS vulnerability in ReadRSSFeedBlock - CVE-2025-62616
AutoGPT has SSRF vulnerability in SendDiscordFileBlock
Same vendor: Significant-Gravitas
- CVE-2026-26020
AutoGPT Affected by Remote Code Execution via Dynamic Module - CVE-2026-26006
Redos (Regular Expression Denial of Service) at Code Extract - CVE-2025-32393
AutoGPT has a DoS vulnerability in ReadRSSFeedBlock - CVE-2025-62616
AutoGPT has SSRF vulnerability in SendDiscordFileBlock - CVE-2025-62615
AutoGPT has SSRF vulnerability in ReadRSSFeedBlock
Same weakness: CWE-770
- CVE-2021-47959
WordPress Plugin WPGraphQL 1.3.5 Denial of Service - CVE-2026-44679
Tuist: Forgot password flow lacks throttling for reset email - CVE-2026-44216
Wasmtime: Panic when allocating a table exceeding the size o - CVE-2026-8468
Unbounded buffer accumulation in multipart header parsing ca - CVE-2025-14870
Allocation of Resources Without Limits or Throttling in GitL
V. Comments for CVE-2025-32425
No comments yet