PT-2025-12316 · Significant Gravitas · Autogpt
Published 2025-03-20 · Updated 2025-08-05 · CVE-2025-0454
CVSS v3.1 7.5 High
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions significant-gravitas/autogpt versions prior to v0.4.0
Description A Server-Side Request Forgery (SSRF) issue was identified, arising from hostname confusion between the urlparse function from the urllib.parse library and the requests library: the two parse the authority part of a URL differently, so the host that the SSRF check inspects is not the host that the request is sent to. This can be exploited by a malicious user submitting a specially crafted URL, such as http://localhost:@google.com/../, to bypass the SSRF check and perform an SSRF attack.
Recommendations For versions prior to v0.4.0, update to version v0.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the urlparse function and the requests library to minimize the risk of exploitation. Avoid using specially crafted URLs in the affected utility until the issue is resolved.
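The advisory does not reproduce AutoGPT's original check, so the following is an added example (not code from the advisory or from the AutoGPT project) that illustrates the class of problem and a guard that does not depend on one string parser's opinion of the hostname. `parser_view` shows how urllib.parse assigns the fields of the crafted URL quoted above: `localhost:` becomes userinfo and `google.com` becomes the hostname, so a check that only compares `.hostname` against a local-host list never sees `localhost`. `is_safe_target` is a hypothetical hardened gate: it rejects any URL whose authority contains userinfo (the ambiguous construct) instead of interpreting it, refuses literal and resolved loopback, private and link-local addresses, and takes the resolver as a parameter so it can be exercised offline. The function names and the sample hostnames and addresses in the test are constructed for this example.

```python
"""Added example, not part of the PT advisory or AutoGPT's code.

Shows (1) how urllib.parse reads the advisory's crafted URL and
(2) a stricter outbound-URL gate that refuses ambiguous authorities
and non-public destinations. The resolver is injectable so the check
can be run without network access; sample hosts used by callers are
constructed, not real infrastructure.
"""
import ipaddress
import socket
from urllib.parse import urlsplit


def parser_view(url: str) -> dict:
    """Return the fields urllib.parse assigns to a URL.

    For http://localhost:@google.com/../ urlsplit treats 'localhost:' as
    userinfo and 'google.com' as the hostname; a guard that only inspects
    .hostname therefore never sees 'localhost'.
    """
    p = urlsplit(url)
    return {"username": p.username, "hostname": p.hostname, "path": p.path}


def _default_resolver(host: str) -> list:
    """Resolve a hostname to every address an HTTP client could connect to."""
    addrs = {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)}
    return sorted(addrs)


def is_safe_target(url: str, resolver=_default_resolver) -> tuple:
    """Decide whether a server-side HTTP client may fetch `url`.

    Returns (allowed, reason). Rules, deliberately stricter than comparing
    a parsed hostname against a list of local names:
      1. scheme must be http or https;
      2. any '@' in the authority (userinfo) is rejected outright, because
         that is exactly the part different parsers disagree about;
      3. a hostname must be present; a literal IP is checked directly;
      4. every address the name resolves to must be globally routable, so a
         DNS name pointing at 127.0.0.1 or 169.254.169.254 is refused too.
    """
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if "@" in p.netloc:
        return False, "userinfo in URL is not allowed"
    host = p.hostname
    if not host:
        return False, "missing host"
    try:
        # Literal address: no lookup needed, check it as-is.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        if host == "localhost":
            return False, "loopback name"
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError, KeyError):
            return False, "host does not resolve"
    for a in addrs:
        if not ipaddress.ip_address(a).is_global:
            return False, f"resolves to non-public address {a}"
    return True, "ok"


if __name__ == "__main__":
    print(parser_view("http://localhost:@google.com/../"))
    print(is_safe_target("http://localhost:@google.com/../"))
```

Rejecting userinfo rather than parsing it is the key design choice: once the gate and the HTTP client can read the authority differently, the only safe interpretation is to refuse the input. Resolving the name and checking `is_global` additionally closes the DNS-based variant, where a public-looking name points at an internal address.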

SSRF
Related Identifiers CVE-2025-0454
Affected Products Autogpt, Requests, Urllib.Parse