cvedb.io
CVE-2025-0454
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:53.157 · Last modified 2026-06-17T08:26:30.740

Summary

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse` library and the `requests` library. A malicious user can exploit this by submitting a specially crafted URL, such as `http://localhost:\@google.com/../`, to bypass the SSRF check and perform an SSRF attack.

Affected products

agpt — autogpt_platform

Does this affect you?

Add your gear to cvedb and we'll alert you only when agpt ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.