CVE-2025-32392

CVE-2025-32392 is a high-severity vulnerability with a CVSS 4.0 base score of 8.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-400.

Key facts

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it to disk. However, there is no limit on the resources that can be allocated during execution. For example, the number of loops is user-controllable and unlimited. When a malicious attacker loops too many times, the generated video is too large, and after writing it to disk, the disk space is exhausted, eventually causing DoS. Version 0.6.63 patches the issue.

Frequently asked questions

What is CVE-2025-32392?
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it to disk. However, there is no limit on the resources that can be allocated during execution. For example, the number of loops is user-controllable and unlimited. When a malicious attacker loops too many times, the generated video is too large, and after writing it to disk, the disk space is exhausted, eventually causing DoS. Version 0.6.63 patches the issue.
How severe is CVE-2025-32392?
CVE-2025-32392 has a CVSS 4.0 base score of 8.7, rated high severity.
Is CVE-2025-32392 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (26th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-32392?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2025-32392 have an EU (EUVD) identifier?
Yes. CVE-2025-32392 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-210279.
When was CVE-2025-32392 published?
CVE-2025-32392 was published on 2026-06-18.

References

Other CWE-400 (Uncontrolled Resource Consumption) vulnerabilities

Browse all CWE-400 (Uncontrolled Resource Consumption) vulnerabilities →