Impact
AddAudioToVideoBlock in AutoGPT downloads and stores media in a temporary directory without removing it after completion, and it does not enforce any limits on the volume of data written to disk. Coupled with StepThroughItemsBlock, which can iterate without a bound, an attacker can cause the working directory to grow without restraint. The unlimited disk consumption can exhaust the file system, halting normal operation of the AutoGPT instance. This weakness is a classic case of uncontrolled resource consumption (CWE‑400).
Affected Systems
AutoGPT, a workflow automation platform from Significant‑Gravitas, is affected. Versions prior to 0.6.63 exhibit the flaw; the issue was fixed in 0.6.63. The vulnerability is specific to the AutoGPT engine and all related modules that rely on AddAudioToVideoBlock.
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity potential. The vulnerability is not cataloged in CISA’s KEV list. Attackers can exploit the weakness by running an AutoGPT workflow that repeatedly invokes AddAudioToVideoBlock within an unlimited StepThroughItemsBlock loop, leading to rapid disk exhaustion. A user with sufficient privileges to execute AutoGPT is required to launch the attack, and no external system involvement is necessary.
OpenCVE Enrichment