CVE-2025-32394 in AutoGPT
Summary
by MITRE • 06/26/2026
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/27/2026
The AutoGPT platform represents a sophisticated workflow automation environment designed for creating and managing continuous artificial intelligence agents through its various block components. The AITextSummarizerBlock serves as a critical element within this ecosystem, processing textual input to generate summaries while maintaining system performance standards. However, a significant denial of service vulnerability existed in versions prior to 0.6.32 that fundamentally compromised the platform's stability and resource management capabilities.
This vulnerability stems from an inadequate input handling mechanism within the AITextSummarizerBlock component where malicious actors can exploit memory consumption patterns through amplified input processing. The flaw manifests when users provide relatively small inputs of approximately 10 kilobytes of content, which then triggers an exponential memory allocation response that can escalate to consuming fifty gigabytes of system memory. This represents a classic example of algorithmic complexity exploitation where computational resources grow disproportionately relative to input size, creating a systematic resource exhaustion scenario.
The operational impact of this vulnerability extends beyond simple service disruption, as it creates cascading effects throughout the AutoGPT platform infrastructure. When memory resources become exhausted due to the amplified processing behavior, the entire system experiences severe degradation or complete unresponsiveness, affecting all running AI agents and workflow processes that depend on the platform's stability. The vulnerability directly aligns with CWE-400, which addresses unspecified resource exhaustion issues in software systems where improper input handling leads to excessive consumption of computational resources.
From an attack methodology perspective, this vulnerability follows patterns consistent with resource exhaustion attacks documented in the MITRE ATT&CK framework under the resource exhaustion category. The amplification factor of five thousand percent demonstrates how relatively minor user inputs can generate massive system impact, making this particularly dangerous in multi-tenant environments where malicious actors could target shared resources. The fix implemented in version 0.6.32 addresses these memory consumption patterns through improved input validation and processing limits that prevent such exponential resource allocation behaviors.
Security practitioners should recognize this vulnerability as a critical component of the platform's overall security posture, particularly when implementing automated AI agent workflows where system stability is paramount. The remediation approach likely involves implementing proper memory bounds checking, input size limitations, and rate limiting mechanisms to prevent similar amplification attacks in other components of the AutoGPT ecosystem. Organizations utilizing this platform should prioritize immediate upgrade to version 0.6.32 or later to mitigate potential exploitation risks that could compromise their AI workflow automation capabilities and overall system integrity.