PT-2025-16278 · PyPI · Requests

Megamansec · Published 2025-04-14 · Updated 2025-08-05

CVE-2025-31491

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.1
Description: The issue allows cross-domain cookies and protected headers to leak when a request is redirected. AutoGPT uses a wrapper around the requests Python library, and that wrapper has a fundamental flaw: it manually re-requests the new Location after a redirect without accounting for security-sensitive headers such as Authorization and Proxy-Authorization, or for cookies. For example, in autogpt_platform/backend/backend/blocks/github/_api.py, an Authorization header is set when retrieving data from the GitHub API. If GitHub suffers from an open redirect vulnerability, and the script can be coerced into visiting it with the Authorization header set, the GitHub credentials in that header are sent to the redirect target. This allows auth headers and private cookies to be leaked.
Recommendations: To resolve the issue, update to version 0.6.1 or later. As a temporary workaround, consider restricting access to the autogpt_platform/backend/backend/util/request.py wrapper to minimize the risk of exploitation. Avoid using the Authorization header with the affected API endpoints until the issue is resolved, and restrict access to the vulnerable github/_api.py module to minimize the risk of exploitation.
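The following is an added example, not code from AutoGPT or from the requests project: a minimal manual redirect follower in the style of the wrapper described above, with the defect (forwarding Authorization and Cookie to a different origin) reproducible via a flag beside the corrected behaviour. The transport is a constructed in-memory stub so it runs offline; the host names and the token are placeholders.

```python
# Added example (not AutoGPT's code). Shows how a manual redirect follower
# must drop security-sensitive headers when the Location points off-origin.
# The stub transport and host names below are constructed placeholders.
from urllib.parse import urljoin, urlsplit

SENSITIVE_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})


def origin(url):
    """(scheme, host, port) with default ports filled in, for origin comparison."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def headers_for_next_hop(current_url, next_url, headers, strip=True):
    """Headers to send to next_url. strip=False reproduces the vulnerable behaviour."""
    if not strip or origin(current_url) == origin(next_url):
        return dict(headers)
    # Corrected behaviour: credentials never cross an origin boundary.
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow(fetch, url, headers, strip=True, max_hops=5):
    """Manually re-request the Location of 3xx responses, as the wrapper does."""
    for _ in range(max_hops):
        status, location = fetch(url, headers)
        if status not in (301, 302, 303, 307, 308) or location is None:
            return url, headers
        next_url = urljoin(url, location)
        headers = headers_for_next_hop(url, next_url, headers, strip)
        url = next_url
    raise RuntimeError("too many redirects")


def make_stub_transport(log):
    """Constructed stub: api.example answers with an off-origin redirect;
    every host records the headers it received in `log`."""
    def fetch(url, headers):
        log.append((url, dict(headers)))
        if urlsplit(url).hostname == "api.example":
            return 302, "https://other.example/landing"
        return 200, None
    return fetch


def headers_seen_off_origin(strip):
    """Headers that the off-origin host received after the redirect."""
    log = []
    start = {"Authorization": "Bearer <placeholder-token>", "Accept": "application/json"}
    follow(make_stub_transport(log), "https://api.example/repos", start, strip=strip)
    return [h for u, h in log if urlsplit(u).hostname == "other.example"][0]
```

With `strip=False` the off-origin host receives the Authorization header; with the corrected logic it receives only the non-sensitive headers.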

Tags: Exploit · Fix · Open Redirect · Information Disclosure


Related Identifiers

CVE-2025-31491
GHSA-GGCM-93QG-GFHP

Affected Products

Autogpt
Requests