Description

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.

INFO

Published Date :

2025-07-30T14:28:36.168Z

Last Modified :

2025-07-30T14:47:36.847Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53944 vulnerability.

Vendors Products
Agpt
  • Autogpt Platform
Significant-gravitas
  • Autogpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53944.

URL Resource
https://github.com/Significant-Gravitas/AutoGPT/commit/309114a727baa2063357810d444e9a119f8dd7f6 cve-icon cve-icon
https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.16 cve-icon cve-icon
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x77j-qg2x-fgg6 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact