CVE-2025-53944
Published: 30 July 2025
Summary
CVE-2025-53944 is a high-severity Improper Authorization (CWE-285) vulnerability in Agpt Autogpt Platform. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 34.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23154
Vulnerability details
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it…
more
fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: artificial intelligence, autogpt
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authorization bypass allows authenticated users to access unauthorized execution results (IDOR), enabling exploitation for privilege escalation (T1068) and collection from an enterprise application data repository (T1213).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The control mandates authorization decisions for each access request, reducing the ability to exploit improper authorization weaknesses.
The control requires checking and applying authorization decisions per policy, preventing improper authorization.
Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
Periodic reviews identify and correct flaws in authorization decisions or enforcement.
The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.
The control explicitly requires authorization of each wireless access type prior to permitting connections.