cbcvebase.
CVE-2025-53944
published 2025-07-30

CVE-2025-53944: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's…

PriorityP352high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.43%
34.7th percentile
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16.

Affected

2 ranges
VendorProductVersion rangeFixed in
agptautogpt_platform
significant-gravitasautogpt< 0.6.160.6.16
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.