CVE-2025-53944: AutoGPT Authorization Bypass Exposes Execution Results
AutoGPT, a platform for managing AI agents, has addressed an authorization bypass vulnerability. Versions 0.6.15 and earlier are affected. This flaw allows authenticated users to access sensitive execution results from other users' agents. Upgrade to v0.6.16 to remediate this issue.
Vulnerability Details
- CVE ID: CVE-2025-53944
- Description: The `get_graph_execution_results` endpoint in AutoGPT's external API lacks proper authorization checks. While the `graph_id` is validated, the `graph_exec_id` parameter is not, allowing authenticated users to access arbitrary execution results.
- CVSS Score: 7.7 HIGH
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- CVSS Explanation: A network-based attack with low complexity. An attacker with low privileges (an ordinary authenticated user) can, without user interaction, impact the confidentiality of the system. The scope is changed because the vulnerability can affect resources beyond the attacker's intended access.
- Exploit Requirements: An attacker needs a valid AutoGPT user account. No special skills are required to exploit this vulnerability.
- Affected Vendor: Significant-Gravitas
- Affected Product: AutoGPT
- Affected Version: Versions 0.6.15 and below
- CWE: CWE-285: Improper Authorization
- CWE Explanation: Improper authorization occurs when a system does not adequately ensure that the user or process attempting an action has the necessary permissions. In this case, AutoGPT failed to check the user's permission to access specific execution results.
Timeline of Events
- 2025-07-30: Vulnerability publicly disclosed.
- 2025-07-30: AutoGPT v0.6.16 released with a fix.
Exploitability & Real-World Risk
This vulnerability poses a significant risk because it's easily exploitable. Any authenticated user can potentially view sensitive information related to other users' AI agent executions. This could include prompts, results, and even API keys stored in execution data. In a real-world scenario, an attacker could use this vulnerability to steal proprietary information, gain unauthorized access to connected services, or manipulate AI agent behavior.
Recommendations
- Upgrade to AutoGPT v0.6.16 or later: This version includes the fix for the authorization bypass vulnerability.
- Review User Permissions: Regularly review user permissions within your AutoGPT instance to ensure appropriate access controls.
- Monitor API Access: Implement monitoring to detect suspicious access patterns to the `get_graph_execution_results` endpoint.
Technical Insight
The vulnerability stems from a missing authorization check on the graph_exec_id parameter in the get_graph_execution_results endpoint. The application correctly validates the graph_id, ensuring the user has access to the overall graph. However, it fails to verify whether the user is authorized to view the specific execution results identified by the graph_exec_id, so any execution result is accessible to a user who knows its ID.
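The pattern described above, as an added example that is not AutoGPT's code: a constructed in-memory model where one handler authorizes only the graph_id and a hardened handler also ties the graph_exec_id to the caller and the authorized graph. The function names, data model and sample IDs are assumptions made for illustration, and the hardened check is one way to close the gap, not necessarily what the upstream commit does.

```python
# Added illustration: a constructed in-memory model, not AutoGPT source code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Execution:
    id: str
    graph_id: str
    user_id: str
    output: str


# Constructed sample data: graph -> users allowed to read it, and executions by ID.
GRAPH_READERS = {"graph-a": {"alice"}, "graph-b": {"bob"}}
EXECUTIONS = {
    "exec-1": Execution("exec-1", "graph-a", "alice", "alice's result"),
    "exec-2": Execution("exec-2", "graph-b", "bob", "bob's result"),
}


class NotFound(Exception):
    """Raised for both 'does not exist' and 'not yours', so IDs cannot be probed."""


def _require_graph_access(user_id: str, graph_id: str) -> None:
    if user_id not in GRAPH_READERS.get(graph_id, set()):
        raise NotFound(graph_id)


def get_results_unchecked(user_id: str, graph_id: str, graph_exec_id: str) -> str:
    """Flawed pattern: graph_id is authorized, graph_exec_id is looked up by ID alone."""
    _require_graph_access(user_id, graph_id)
    execution = EXECUTIONS.get(graph_exec_id)
    if execution is None:
        raise NotFound(graph_exec_id)
    return execution.output


def get_results_checked(user_id: str, graph_id: str, graph_exec_id: str) -> str:
    """Hardened pattern: the execution must belong to the caller and the authorized graph."""
    _require_graph_access(user_id, graph_id)
    execution = EXECUTIONS.get(graph_exec_id)
    if (
        execution is None
        or execution.user_id != user_id
        or execution.graph_id != graph_id
    ):
        raise NotFound(graph_exec_id)
    return execution.output
```

Returning the same NotFound error for a missing execution and for one owned by someone else keeps the endpoint from confirming which execution IDs exist.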
Credit to Researcher(s)
This vulnerability was reported via GitHub Security Advisory.
References
- GitHub Security Advisory
- Commit fixing the vulnerability
- AutoGPT v0.6.16 Release Notes
- GHSA-x77j-qg2x-fgg6
Tags
#AutoGPT #CVE-2025-53944 #AuthorizationBypass #Security #Python
Summary: AutoGPT versions 0.6.15 and below contain an authorization bypass vulnerability in the `get_graph_execution_results` endpoint, allowing authenticated users to access arbitrary execution results. Upgrade to version 0.6.16 to mitigate this risk.
CVE ID: CVE-2025-53944
Risk Analysis: Successful exploitation of this vulnerability can lead to the disclosure of sensitive information, including prompts, results, and API keys, potentially granting unauthorized access to connected services or allowing manipulation of AI agent behavior.
Recommendation: Upgrade to AutoGPT version 0.6.16 or later to patch this vulnerability. Review user permissions and monitor API access for suspicious activity.
Timeline
- 2025-07-30: Vulnerability publicly disclosed and AutoGPT v0.6.16 released.
References
- https://github.com/Significant-Gravitas/AutoGPT/commit/309114a727baa2063357810d444e9a119f8dd7f6
- https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.16
- https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x77j-qg2x-fgg6