CVE-2025-1040

HIGH

AutoGPT < 0.4.0 - Server-Side Template Injection via AgentOutputBlock Format String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-1040. PoCs published by Acczdy.

AI-analyzed exploit summary The repository contains a Python script template for CVE-2025-1040 with placeholder functions and minimal implementation. The README lacks technical details and the exploit function is not implemented.

Description

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.

Exploits (1)

github STUB
by Acczdy · pythonpoc
https://github.com/Acczdy/CVE-Vault/tree/master/CVE-2025-1040

The repository contains a Python script template for CVE-2025-1040 with placeholder functions and minimal implementation. The README lacks technical details and the exploit function is not implemented.

Classification
Stub 95%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unspecified
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Mar 10, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0142
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-1336
Status published
Products (1)
agpt/autogpt_platform < 0.4.0
Published Mar 20, 2025
Tracked Since Feb 18, 2026