{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T19:31:07.531","vulnerabilities":[{"cve":{"id":"CVE-2025-53944","sourceIdentifier":"security-advisories@github.com","published":"2025-07-30T15:15:35.210","lastModified":"2025-08-05T14:40:34.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters. This is fixed in v0.6.16."},{"lang":"es","value":"AutoGPT es una plataforma que permite a los usuarios crear, implementar y gestionar agentes de inteligencia artificial continua. En la versión v0.6.15 y anteriores, el endpoint get_graph_execution_results de la API externa presenta una vulnerabilidad de omisión de autorización. Si bien valida correctamente el acceso del usuario a graph_id, no verifica la propiedad del parámetro graph_exec_id, lo que permite a los usuarios autenticados acceder a cualquier resultado de ejecución proporcionando IDs de ejecución arbitrarios. La API interna implementa la validación adecuada para ambos parámetros. Esto se solucionó en la versión v0.6.16."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agpt:autogpt_platform:0.6.13:beta:*:*:*:*:*:*","matchCriteriaId":"2ECBE188-9A84-43D7-B7C7-6788F08F576C"}]}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/commit/309114a727baa2063357810d444e9a119f8dd7f6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.16","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x77j-qg2x-fgg6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x77j-qg2x-fgg6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}