CVE-2025-62615
Published: 04 February 2026
Summary
CVE-2025-62615 is a critical-severity SSRF (CWE-918) vulnerability in Agpt Autogpt Platform. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates validation and sanitization of user-supplied URLs prior to processing by urllib.request.urlopen in RSSFeedBlock, preventing SSRF exploitation.
Boundary protection at network interfaces blocks SSRF-induced outbound requests from reaching internal resources inaccessible to external attackers.
Enforces flow control policies restricting AutoGPT server connections to only authorized destinations, mitigating unfiltered URL requests to internal networks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing RSSFeedBlock component directly enables remote exploitation of the application without authentication.
NVD Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the input URL…
more
is not filtered, which will cause SSRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.6.34.
Deeper analysisAI
CVE-2025-62615 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the AutoGPT platform prior to version autogpt-platform-beta-v0.6.34. AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents that automate complex workflows. The flaw resides in the RSSFeedBlock component, where the third-party library urllib.request.urlopen directly accesses user-supplied URLs without input filtering, enabling SSRF. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By providing a malicious URL, the attacker tricks the AutoGPT server into initiating unintended requests, potentially to internal network resources, resulting in high impacts on confidentiality, integrity, and availability.
The issue has been patched in autogpt-platform-beta-v0.6.34. Additional details on the vulnerability and remediation are available in the GitHub security advisory at https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r55v-q5pc-j57f.
This vulnerability is notable in the context of AI/ML platforms, as AutoGPT's use for autonomous agent workflows could expose SSRF risks when processing untrusted RSS feeds in production environments. No public reports of real-world exploitation are available as of the CVE publication on 2026-02-04.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: artificial intelligence