CVE-2025-22603

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22603

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22603.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22603

Aliases

GHSA-4c8v-hwxc-2356

Published

2025-03-10T19:15:39Z

Modified

2025-03-11T08:57:22.205997Z

Summary

[none]

Details

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) Send Web Request. The root cause is that IPV6 address is not restricted or filtered, which allows attackers to perform a server side request forgery to visit an IPV6 service. autogpt-platform-beta-v0.4.2 fixes the issue.

References

Affected packages

Git / github.com/significant-gravitas/autogpt

Affected ranges

Type: GIT
Repo: https://github.com/significant-gravitas/autogpt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

26214e1b2c6777e0fae866642b23420adaadd6c4

Affected versions

agbenchmark-v0.*

agbenchmark-v0.0.10

agpt-platform-beta-v0.*

agpt-platform-beta-v0.1.0

agpt-platform-beta-v0.1.1

agpt-platform-beta-v0.2.0

autogpt-platform-beta-v0.*

autogpt-platform-beta-v0.2.1

autogpt-platform-beta-v0.2.2

autogpt-platform-beta-v0.3.0

autogpt-platform-beta-v0.3.1

autogpt-platform-beta-v0.3.2

autogpt-platform-beta-v0.3.3

autogpt-platform-beta-v0.3.4

autogpt-platform-beta-v0.4.0

autogpt-platform-beta-v0.4.1

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.3-alpha

v0.4.4

v0.4.5