PT-2025-2830 · Rasa · Rasa Pro
Julian Scheid · Published 2025-01-14 · Updated 2025-01-17
CVE-2024-49375 · CVSS v3.1 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rasa versions prior to 3.6.21
Rasa Pro versions prior to 3.8.18, 3.9.16, 3.10.12
Description
A vulnerability has been identified in Rasa that enables an attacker who can load a maliciously crafted model remotely into a Rasa instance to achieve remote code execution. The prerequisites are:
- The HTTP API must be enabled on the Rasa instance, for example with --enable-api.
- For unauthenticated RCE to be exploitable, the instance must have been deployed without authentication or the other security controls recommended in the documentation.
- For authenticated RCE, the attacker must possess a valid authentication token or JWT to interact with the Rasa API.
Recommendations
For Rasa versions prior to 3.6.21, upgrade to version 3.6.21 or later.
For Rasa Pro versions prior to 3.8.18, 3.9.16 or 3.10.12, upgrade to 3.8.18, 3.9.16 or 3.10.12 respectively (or later on the same branch).
As a temporary workaround, enable authentication for the Rasa HTTP API and ensure that only trusted users are given access.
Restrict access to the Rasa API to minimize the risk of exploitation: load models only from trusted sources and confirm that the access controls in front of the API are sufficient.
Apply the principle of least privilege to control who in your organization can interact with the Rasa API, even with authentication enabled.
Status: Fix
Weakness types: RCE · Code Injection · Deserialization of Untrusted Data
Related Identifiers
CVE-2024-49375
Affected Products
Rasa
Rasa Pro