PT-2025-16279 · Autogpt · Autogpt

Pwuts · Published 2025-04-14 · Updated 2025-08-25 · CVE-2025-31494

CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.1
Description: The AutoGPT Platform's WebSocket API delivered node execution updates to subscribers keyed only on graph_id + graph_version. Nothing checked that the subscribing user was entitled to that graph, so any authenticated user could subscribe using another user's graph_id + graph_version and receive the node execution updates from that user's graph runs. The exposure is confined to users of the same instance: it does not cross instances, and unauthenticated clients are not affected. Single-user instances are not affected. In private instances with a user white-list, the impact is limited because every potential unintended recipient must first have been admitted by the administrator.

Recommendations: Update to version 0.6.1 or later, where the subscription path enforces authorization. Until then, restrict network access to the WebSocket API or limit subscriptions to trusted users within the same instance. In private instances with a user white-list, review the admitted users and keep the list to those who are actually trusted, since every admitted user is a potential unintended recipient.
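The following is an added example, not AutoGPT's own code, that models the flaw described above in a few dozen lines: a subscription hub keyed on (graph_id, graph_version) that fans node execution updates out to subscribers. With `enforce_ownership=False` it behaves as the advisory describes for versions before 0.6.1; with `enforce_ownership=True` it adds an authorization check at subscribe time. The class and function names (`GraphStore`, `SubscriptionHub`, `demo`) and the sample users and graph ids are illustrative assumptions, not identifiers from the project.

```python
"""Added example (not AutoGPT code): cross-user WebSocket subscription
keyed on graph_id + graph_version, with and without an ownership check."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

SubscriptionKey = Tuple[str, int]  # (graph_id, graph_version)


class GraphStore:
    """Illustrative ownership lookup; in a real backend this is a DB query."""

    def __init__(self, owners: Dict[SubscriptionKey, str]) -> None:
        self._owners = owners

    def is_owner(self, user_id: str, key: SubscriptionKey) -> bool:
        return self._owners.get(key) == user_id


class SubscriptionHub:
    """Fan-out of node execution updates to WebSocket subscribers.

    enforce_ownership=False models the pre-0.6.1 behaviour from the advisory:
    any authenticated user may subscribe to any graph_id + graph_version.
    enforce_ownership=True adds the missing authorization check.
    """

    def __init__(self, store: GraphStore, enforce_ownership: bool) -> None:
        self.store = store
        self.enforce_ownership = enforce_ownership
        self.subscribers: Dict[SubscriptionKey, Set[str]] = defaultdict(set)
        self.inboxes: Dict[str, List[dict]] = defaultdict(list)

    def subscribe(self, user_id: str, graph_id: str, graph_version: int) -> None:
        key = (graph_id, graph_version)
        if self.enforce_ownership and not self.store.is_owner(user_id, key):
            # Same error whether the graph belongs to someone else or does not
            # exist, so a rejected subscribe cannot be used as a graph-id oracle.
            raise PermissionError("subscription denied")
        self.subscribers[key].add(user_id)

    def publish_node_update(self, graph_id: str, graph_version: int, update: dict) -> int:
        """Deliver one node execution update; returns the recipient count."""
        key = (graph_id, graph_version)
        recipients = self.subscribers.get(key, set())
        for user_id in recipients:
            self.inboxes[user_id].append(update)
        return len(recipients)


def demo(enforce_ownership: bool) -> Dict[str, int]:
    # Constructed sample data: alice owns version 3 of graph "g-alice";
    # mallory is another authenticated user on the same instance.
    store = GraphStore({("g-alice", 3): "alice"})
    hub = SubscriptionHub(store, enforce_ownership)
    hub.subscribe("alice", "g-alice", 3)
    try:
        hub.subscribe("mallory", "g-alice", 3)  # the cross-user subscription
    except PermissionError:
        pass  # refused only when the ownership check is enforced
    hub.publish_node_update(
        "g-alice", 3, {"node_id": "n1", "status": "COMPLETED", "output": "private result"}
    )
    return {
        "alice_received": len(hub.inboxes["alice"]),
        "mallory_received": len(hub.inboxes["mallory"]),
    }


if __name__ == "__main__":
    print("without check:", demo(enforce_ownership=False))
    print("with check:   ", demo(enforce_ownership=True))
```

The check is placed at subscribe time rather than at publish time on purpose: a subscriber set that can only ever contain authorized users is easier to audit than a per-message filter, and the rejection uses one generic error so the endpoint does not confirm which graph ids exist.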

Weakness Enumeration: Improper Access Control, Information Disclosure

Related Identifiers: CVE-2025-31494, GHSA-958F-37VW-JX8F

Affected Products: Autogpt