Rasahq Rasa-Pro-Security-Advisories vulnerabilities
2 known vulnerabilities affecting rasahq/rasa-pro-security-advisories.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, MEDIUM: 1
Vulnerabilities
CVE-2024-49375 | P2 | CRITICAL | CVSS 9.0 | CWE-94 | fixed in 3.6.21 | 2025-01-14
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance, e.g. with `--enable-api`. This is not t
nvd
CVE-2025-32377 | P3 | MEDIUM | CVSS 6.5 | CWE-306 | v>= 3.12.0, < 3.12.6 | v>= 3.11.0, < 3.11.7 | +2 more | 2025-04-18
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submi
nvd