CVE-2025-1040 · HIGH 8.8 · EPSS percentile 69.3%

CVE-2025-1040

Description

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.42% probability of exploitation · percentile 69.3% · 2026-06-19T12:03:05Z
Published: 2025-03-20
Last modified: 2025-10-15

Underlying weaknesses · 1

CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

References

  1. https://github.com/significant-gravitas/autogpt/commit/6dba31e0215549604bdcc1aed24e3a1714e75ee2
  2. https://huntr.com/bounties/b74ef75f-61d5-4422-ab15-9550c8b4f185

Weakness mapping · 1

Type      Target                                                                   Confidence  Tier
Weakness  Improper Neutralization of Special Elements Used in a Template Engine (cwe-1336)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2026-26020
  - CVE: CVE-2025-25362
  - CVE: CVE-2026-24780
  - CVE: CVE-2025-62616
  - CVE: CVE-2025-62615
  - CVE: CVE-2025-22603
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.