CVE-2025-32436— AutoGPT has a DoS vulnerability in AddAudioToVideoBlock
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.63 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-32436
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AutoGPT has a DoS vulnerability in AddAudioToVideoBlock
Source: NVD (National Vulnerability Database)
Vulnerability Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video and audio in a temporary directory without deleting before all noded are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `AddAudioToVideoBlock` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.63 | - |
II. Public POCs for CVE-2025-32436
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-32436
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-32436 (1)
Same Patch Batch · Significant-Gravitas · 2026-06-18 · 6 CVEs total
| CVE-2026-55237 | 8.8 HIGH | AutoGPT SignUp Page has DOM-Based XSS and Open Redirect |
| CVE-2025-32437 | AutoGPT has a DoS vulnerability in MediaDurationBlock | |
| CVE-2025-32422 | AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock | |
| CVE-2025-32392 | AutoGPT has a DoS vulnerability in LoopVideoBlock | |
| CVE-2025-32424 | AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock |
IV. Related Vulnerabilities
Same product: AutoGPT
- CVE-2026-55237
AutoGPT SignUp Page has DOM-Based XSS and Open Redirect - CVE-2025-32437
AutoGPT has a DoS vulnerability in MediaDurationBlock - CVE-2025-32424
AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock - CVE-2025-32422
AutoGPT has a DoS vulnerability in FileStoreBlock with StepT - CVE-2025-32392
AutoGPT has a DoS vulnerability in LoopVideoBlock
Same vendor: Significant-Gravitas
- CVE-2026-55237
AutoGPT SignUp Page has DOM-Based XSS and Open Redirect - CVE-2025-32437
AutoGPT has a DoS vulnerability in MediaDurationBlock - CVE-2025-32424
AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock - CVE-2025-32422
AutoGPT has a DoS vulnerability in FileStoreBlock with StepT - CVE-2025-32392
AutoGPT has a DoS vulnerability in LoopVideoBlock
Same weakness: CWE-400
- CVE-2026-9375
Decompression Bomb Bypass via Negative max_length in Streami - CVE-2026-49293
CPU exhaustion via O(n^2) BigInt construction on radix-prefi - CVE-2026-48937
Node.js 22/24 HTTP/2服务器GoAway帧后持续接收数据漏洞 - CVE-2025-53114
CometD has acknowledgement extension out of memory - CVE-2025-32437
AutoGPT has a DoS vulnerability in MediaDurationBlock
V. Comments for CVE-2025-32436
No comments yet