PT-2025-10613 · Unknown · Autogpt-Platform
Agentsec · Published 2025-03-10 · Updated 2026-01-28
CVE-2025-22603
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
autogpt-platform versions prior to autogpt-platform-beta-v0.4.2
Description
The issue is related to a server-side request forgery (SSRF) vulnerability inside the Send Web Request component. The root cause is that IPv6 addresses are not restricted or filtered, allowing attackers to perform a server-side request forgery to reach an IPv6 service.
Recommendations
For versions prior to autogpt-platform-beta-v0.4.2, update to autogpt-platform-beta-v0.4.2 to fix the issue. As a temporary workaround, consider restricting access to the Send Web Request component to minimize the risk of exploitation.
Exploit
Fix
SSRF
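An added example (not AutoGPT's code and not its actual fix) of the class of gap the description names: an IPv4-only deny list beside a destination check that covers both address families. The function names, the deny list and the sample DNS table are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed IPv4-only deny list: the kind of filter that leaves IPv6 unchecked.
V4_BLOCKED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

def ipv4_only_check(addr: str) -> bool:
    """Return True if allowed. IPv6 never matches the list, so it passes."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return not any(ip in net for net in V4_BLOCKED)
    return True  # gap: every IPv6 destination falls through

def dual_stack_check(addr: str) -> bool:
    """Return True only for globally routable unicast IPv4 or IPv6 addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the embedded IPv4 is judged.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "public.example": ["8.8.8.8", "2606:4700:4700::1111"],
    "internal.example": ["fd00::10"],
    "dual.example": ["8.8.8.8", "::1"],
}

def sample_resolve(host: str) -> list:
    return SAMPLE_DNS.get(host, [])

def url_allowed(url: str, check, resolve=sample_resolve) -> bool:
    """Allow a URL only if every address its host maps to passes `check`."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        addrs = resolve(host)                      # host is a name
    return bool(addrs) and all(check(a) for a in addrs)

if __name__ == "__main__":
    for u in ("http://[::1]:8080/", "http://internal.example/",
              "http://dual.example/", "http://public.example/"):
        print(u, url_allowed(u, ipv4_only_check), url_allowed(u, dual_stack_check))
```

A pre-request check like this only helps if the HTTP client then connects to the address that was validated, and if redirects are re-checked the same way.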
Weakness Enumeration
Related Identifiers
Affected Products
Autogpt-Platform