CVE-2025-32425 Overview
CVE-2025-32425 is a denial of service vulnerability in AutoGPT, an open-source platform for building and running continuous AI agents. AutoGPT writes execution output to stdout and stderr, which Docker captures as container logs when the platform runs in container mode. Versions prior to 0.6.32 apply no size limit or rotation policy to these logs. An attacker generating high request volume can drive log files to consume all available disk space, exhausting storage on the host and rendering the service unavailable. The flaw is tracked under CWE-770: Allocation of Resources Without Limits or Throttling and is fixed in autogpt-platform-beta-v0.6.32.
Critical Impact
Unauthenticated or low-privilege users can trigger unbounded container log growth, exhausting host disk resources and causing service outage.
Affected Products
- AutoGPT Platform versions prior to 0.6.32
- AutoGPT deployments running in container (Docker) mode
- autogpt_libs logging configuration without rotating handlers
Discovery Timeline
- 2026-05-13 - CVE-2025-32425 published to the National Vulnerability Database
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2025-32425
Vulnerability Analysis
The vulnerability stems from how AutoGPT handles operational logging in its container deployment. The platform emits execution telemetry to standard output and standard error streams. Docker captures these streams and persists them to JSON log files on the host filesystem.
Neither the application logging configuration nor the Docker Compose definition imposed a maximum size or rotation policy on these logs. Each user request produces additional log lines, and the log file grows monotonically. Under heavy or sustained traffic, the log volume saturates the host disk.
Once the disk fills, dependent services such as the database, container runtime, and API backend fail to write state and crash or hang. The result is a denial of service condition affecting all platform tenants.
Root Cause
The logging configuration in autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py did not register a rotating handler. The companion docker-compose.platform.yml did not set Docker logging driver options such as max-size or max-file. With no upper bound on either side, log retention was effectively infinite.
Attack Vector
An attacker repeatedly invokes AutoGPT endpoints that produce logged execution output. Each invocation appends data to the container log. Because the platform processes user-controlled workflows and prints results, an attacker can amplify log volume per request. Sustained traffic consumes host disk until write operations fail.
# Patch excerpt: autogpt_libs/logging/config.py
import os
import socket
import sys
+from logging.handlers import RotatingFileHandler
from pathlib import Path
from pydantic import Field, field_validator
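Review bot: the excerpt adds the RotatingFileHandler import but none of the lines show the handler being constructed or attached (the maxBytes and backupCount values, or which logger it is added to), so the size cap described in the prose below cannot be checked against this hunk; include the handler-registration hunk next to the import line.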
The patch introduces RotatingFileHandler to cap log file size and recycle older segments. Source: GitHub Commit 57a06f7.
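As an added example (not AutoGPT's configuration or the commit's code), the following shows the property the fix relies on: with RotatingFileHandler the bytes kept on disk can never exceed maxBytes * (backupCount + 1), however many request-sized records are logged. The log name, sizes and record payload are constructed for the demonstration.

```python
import logging
import tempfile
from logging.handlers import RotatingFileHandler
from pathlib import Path


def make_bounded_logger(log_path: Path, max_bytes: int, backup_count: int) -> logging.Logger:
    """Logger whose on-disk footprint is capped at max_bytes * (backup_count + 1).

    RotatingFileHandler rolls platform.log -> platform.log.1 -> ... and discards the
    segment beyond backup_count instead of letting the file grow without bound.
    """
    logger = logging.getLogger(f"bounded.{log_path.name}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()  # make the function idempotent for repeated calls
    handler = RotatingFileHandler(log_path, maxBytes=max_bytes, backupCount=backup_count)
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def retained_bytes(log_path: Path) -> int:
    """Bytes kept across the active file and its rotated segments (.1 .. .N)."""
    return sum(p.stat().st_size for p in log_path.parent.glob(log_path.name + "*"))


def simulate_flood(lines: int = 5000, max_bytes: int = 4096, backup_count: int = 3) -> dict:
    """Log `lines` constructed request records and report what survives on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = Path(tmp) / "platform.log"  # constructed name, not the project's path
        logger = make_bounded_logger(log_path, max_bytes, backup_count)
        payload = "x" * 100  # stands in for one request's execution output
        for i in range(lines):
            logger.info("execution %d output: %s", i, payload)
        for h in logger.handlers:
            h.close()  # flush before measuring
        return {
            "files": sorted(p.name for p in Path(tmp).iterdir()),
            "retained": retained_bytes(log_path),
            "ceiling": max_bytes * (backup_count + 1),
            "payload_bytes": lines * len(payload),  # lower bound on bytes actually logged
        }


if __name__ == "__main__":
    print(simulate_flood())
```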
Detection Methods for CVE-2025-32425
Indicators of Compromise
- Rapid growth of Docker JSON log files under /var/lib/docker/containers/<id>/<id>-json.log on AutoGPT hosts.
- Disk usage alerts on the host running AutoGPT containers, particularly on the partition backing /var/lib/docker.
- Container or service restarts triggered by ENOSPC (no space left on device) errors in system logs.
Detection Strategies
- Monitor filesystem utilization on AutoGPT hosts and alert when free space drops below an operational threshold.
- Inspect Docker container log file sizes with docker ps --size and du -sh against the container log directory.
- Correlate spikes in HTTP request volume against AutoGPT endpoints with growth in log file size to identify abusive traffic patterns.
Monitoring Recommendations
- Ingest host disk metrics and Docker daemon logs into a centralized telemetry pipeline for trend analysis.
- Track per-container log throughput and alert on anomalous write rates compared to baseline.
- Audit the running AutoGPT version against 0.6.32 and flag containers still on vulnerable releases.
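The size and growth-rate checks above, as an added example that is not AutoGPT's code: it measures the per-container json-file logs Docker writes under /var/lib/docker/containers directly, compares two samples, and flags any container whose log exceeds a ceiling or grows faster than a baseline rate. The container ids, sizes, interval and thresholds in demo() are constructed.

```python
import shutil
import tempfile
from pathlib import Path

DOCKER_CONTAINERS = Path("/var/lib/docker/containers")  # json-file driver layout


def container_log_sizes(root: Path = DOCKER_CONTAINERS) -> dict[str, int]:
    """Map container id -> bytes in <root>/<id>/<id>-json.log (active file only)."""
    sizes: dict[str, int] = {}
    if root.is_dir():
        for cdir in root.iterdir():
            log = cdir / f"{cdir.name}-json.log"
            if log.is_file():
                sizes[cdir.name] = log.stat().st_size
    return sizes


def log_alerts(prev: dict[str, int], curr: dict[str, int], interval_s: float,
               max_bytes: int, max_rate: float) -> list[str]:
    """Flag logs larger than max_bytes or growing faster than max_rate B/s since prev."""
    alerts: list[str] = []
    for cid, size in sorted(curr.items()):
        if size > max_bytes:
            alerts.append(f"{cid}: log is {size} B, above ceiling {max_bytes} B")
        rate = (size - prev.get(cid, 0)) / interval_s
        if rate > max_rate:
            alerts.append(f"{cid}: writing {rate:.0f} B/s, above baseline {max_rate:.0f} B/s")
    return alerts


def disk_free_ratio(path: str) -> float:
    """Fraction of free space on the partition holding `path` (e.g. /var/lib/docker)."""
    usage = shutil.disk_usage(path)
    return usage.free / usage.total


def demo() -> list[str]:
    """Constructed host: two containers, one of them flooding its log between samples."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for cid, size in {"aaaa1111": 1_000, "bbbb2222": 20_000}.items():
            (root / cid).mkdir()
            (root / cid / f"{cid}-json.log").write_bytes(b"{}\n" * (size // 3))
        prev = container_log_sizes(root)
        with open(root / "bbbb2222" / "bbbb2222-json.log", "ab") as f:
            f.write(b"{}\n" * 50_000)  # +150 kB of records in one interval
        curr = container_log_sizes(root)
        return log_alerts(prev, curr, interval_s=10.0, max_bytes=100_000, max_rate=1_000.0)
```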
How to Mitigate CVE-2025-32425
Immediate Actions Required
- Upgrade AutoGPT to autogpt-platform-beta-v0.6.32 or later, which adds a RotatingFileHandler to the logging configuration.
- Apply Docker logging driver limits to all AutoGPT containers until the upgrade is complete.
- Rotate or truncate existing oversized container log files to reclaim disk space.
Patch Information
The fix is delivered in commit 57a06f70883ce6be18738c6ae8bb41085c71e266 and published in release autogpt-platform-beta-v0.6.32. Details are documented in GitHub Security Advisory GHSA-vw3v-whvp-33v5.
Workarounds
- Configure Docker daemon-wide log rotation in /etc/docker/daemon.json using log-driver: json-file with max-size and max-file options.
- Set per-service logging options in docker-compose.platform.yml to bound log file size and count.
- Place AutoGPT behind a rate-limiting reverse proxy to reduce the rate of log-producing requests from any single source.
# Configuration example: bound Docker container logs
# Note: this overwrites any existing /etc/docker/daemon.json; merge the keys into an existing file instead.
# Daemon defaults apply only to containers created after the restart, so recreate the AutoGPT containers to pick them up.
cat <<'EOF' > /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "50m",
    "max-file": "5"
  }
}
EOF
systemctl restart docker
# Or apply per-service in docker-compose.platform.yml
# services:
#   backend:
#     logging:
#       driver: "json-file"
#       options:
#         max-size: "50m"
#         max-file: "5"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.