CVE-2025-32425

AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-770

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 may 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Productos afectados

Significant-Gravitas · AutoGPT

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py#L83-L102 https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/docker-compose.platform.yml#L102-L142 https://github.com/Significant-Gravitas/AutoGPT/commit/57a06f70883ce6be18738c6ae8bb41085c71e266 https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-vw3v-whvp-33v5