PT-2025-12320 · Jinja2+1

Published 2025-03-20 · Updated 2025-08-05 · CVE-2025-1040

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AutoGPT versions 0.3.4 and earlier
Description: AutoGPT versions 0.3.4 and earlier are vulnerable to Server-Side Template Injection (SSTI) that can lead to Remote Code Execution (RCE). The flaw is in the AgentOutputBlock implementation, which takes a user-supplied format string and passes it to the Jinja2 templating engine as a template, without sandboxing or other restrictions on what the template may access. Because a Jinja2 template can walk Python object attributes (for example from a string literal to its class, its MRO and the subclasses of `object`) an attacker who controls the format string can reach modules such as `os` or `subprocess` and execute arbitrary commands on the host running the AutoGPT backend. The CVSS vector (AV:N, PR:L, UI:N) reflects a network-reachable issue that needs only low-privileged access and no user interaction.
Recommendations: Update AutoGPT to version 0.4.0 or later.
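The following is an added example, not AutoGPT's code and not the upstream fix: it shows the vulnerable pattern the description refers to (user-controlled text compiled as a Jinja2 template) next to one hardening option, rendering through `jinja2.sandbox.SandboxedEnvironment`, which refuses access to private and internal attributes. Whether AutoGPT 0.4.0 fixed the issue this way is not stated on this page and is not assumed here. The function names, the `LEGIT_FORMAT` / `PROBE` strings and the `values` dictionary are constructed for the example; `jinja2` is assumed to be installed.

```python
"""Added example: unsandboxed vs. sandboxed rendering of a user-supplied format string."""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed inputs. LEGIT_FORMAT stands in for the kind of format string an
# output block is meant to accept; PROBE stands in for attacker-controlled input.
# ''.__class__.__mro__[1] is the first hop of the usual Jinja2 SSTI gadget chain
# (reach `object`, then enumerate its subclasses to find one exposing os/subprocess).
# The probe stops at `object` so the vulnerable path renders a harmless marker
# instead of running a command.
LEGIT_FORMAT = "Result: {{ output }}"
PROBE = "{{ ''.__class__.__mro__[1] }}"


def render_unsafe(format_string: str, values: dict) -> str:
    """Vulnerable pattern: whatever the user typed becomes template source.

    A plain Environment lets the template traverse attributes freely, so the
    attacker's expression is evaluated with the full power of Python's object
    model. In an AutoGPT-style deployment that is RCE on the backend host.
    """
    return Environment().from_string(format_string).render(**values)


def render_sandboxed(format_string: str, values: dict) -> str:
    """Hardened pattern: the same template text, rendered inside the sandbox.

    SandboxedEnvironment.getattr() rejects attributes starting with '_' and
    known internals (__class__, __subclasses__, __globals__, ...), returning an
    undefined value that raises SecurityError when the chain is continued.
    Legitimate variable substitution is unaffected.
    """
    return SandboxedEnvironment().from_string(format_string).render(**values)


def probe_is_blocked() -> bool:
    """True if the sandbox stops the gadget-chain probe with SecurityError."""
    try:
        render_sandboxed(PROBE, {})
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    values = {"output": "42"}
    print("legit, unsafe   :", render_unsafe(LEGIT_FORMAT, values))
    print("legit, sandboxed:", render_sandboxed(LEGIT_FORMAT, values))
    print("probe, unsafe   :", render_unsafe(PROBE, {}))
    print("probe blocked   :", probe_is_blocked())
```

The sandbox closes the attribute-traversal path shown here, but it is only a mitigation for code execution: Jinja2's sandbox does not bound CPU or memory use, so a user-supplied template can still be abused for resource exhaustion. Where the product requirement allows it, the stronger design is not to compile user text as a template at all and to substitute values into a fixed, developer-owned template instead.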

References: Exploit · Fix
Tags: RCE · Command Injection

Weakness Enumeration:
Related Identifiers: CVE-2025-1040
Affected Products: AutoGPT, Jinja2