Cyber Resilience

CVE-2025-62615

CriticalPublic PoC

Published: 04 February 2026

Published
04 February 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 27.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-62615 is a critical-severity SSRF (CWE-918) vulnerability in Agpt Autogpt Platform. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2025-62615 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the AutoGPT platform prior to version autogpt-platform-beta-v0.6.34. AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents that automate complex workflows. The flaw resides in the RSSFeedBlock component, where the third-party library urllib.request.urlopen directly accesses user-supplied URLs without input filtering, enabling SSRF. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By providing a malicious URL, the attacker tricks the AutoGPT server into initiating unintended requests, potentially to internal network resources, resulting in high impacts on confidentiality, integrity, and availability.

The issue has been patched in autogpt-platform-beta-v0.6.34. Additional details on the vulnerability and remediation are available in the GitHub security advisory at https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r55v-q5pc-j57f.

This vulnerability is notable in the context of AI/ML platforms, as AutoGPT's use for autonomous agent workflows could expose SSRF risks when processing untrusted RSS feeds in production environments. No public reports of real-world exploitation are available as of the CVE publication on 2026-02-04.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the input URL…

more

is not filtered, which will cause SSRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.6.34.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: artificial intelligence, autogpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in public-facing RSSFeedBlock component directly enables remote exploitation of the application without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62616Same product: Agpt Autogpt Platform
CVE-2025-0454Same product: Agpt Autogpt Platform
CVE-2025-22603Same product: Agpt Autogpt Platform
CVE-2026-24780Same product: Agpt Autogpt Platform
CVE-2025-1040Same product: Agpt Autogpt Platform
CVE-2026-26020Same product: Agpt Autogpt Platform
CVE-2026-22038Same product: Agpt Autogpt Platform
CVE-2026-7158Shared CWE-918
CVE-2026-32871Shared CWE-918
CVE-2026-2654Shared CWE-918

Affected Assets

agpt
autogpt platform
≤ 0.6.34

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation and sanitization of user-supplied URLs prior to processing by urllib.request.urlopen in RSSFeedBlock, preventing SSRF exploitation.

prevent

Boundary protection at network interfaces blocks SSRF-induced outbound requests from reaching internal resources inaccessible to external attackers.

prevent

Enforces flow control policies restricting AutoGPT server connections to only authorized destinations, mitigating unfiltered URL requests to internal networks.

References