CVE-2025-1040 HIGH

CVE-2025-1040: Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

Vendor Significant-Gravitas
Product significant-gravitas/autogpt
Weakness CWE-1336
Published March 20, 2025
Last update October 15, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated