Rasa (un)authenticated Remote Code Execution via remote model loading (CVE-2024-49375)
Rasa 和 Rasa-pro 的旧版本存在未经认证的远程代码执行漏洞,默认配置不受影响,启用 HTTP API 时受影响;修复版本已发布;CVSS 评分 9.1 分;exploits 可用。 2025-4-1 00:0:0 Author: github.security.telekom.com(查看原文) 阅读量:7 收藏

During an internal penetration test a product was checked which uses Rasa to build a conversational AI. A mixture of penetration testing and source code analysis led to the discovery of an (un)authenticated Remote Code Execution.

TL;DR

Which versions are affected?

  • rasa (pip) <3.6.21
  • rasa-pro (pip) <3.10.12, <3.9.16, <3.8.18

Are fixed versions available?
Yes, namely:

  • rasa (pip) 3.6.21
  • rasa-pro (pip) 3.10.12, 3.9.16, 3.8.18

Does Rasa need to be patched?
Yes and as fast as possible due to its severity (critical, 9.1/10, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Additional information on the fix and the mitigation advice can be found at GitHub.

The RCE vulnerability affects systems running Rasa as follows:

  • Default configuration: not affected by RCE
  • HTTP API enabled (--enable-api): affected
    • No authentication method in use: unauthenticated RCE
    • Token Based Auth: authenticated RCE
    • JWT Based Auth: authenticated RCE

Is an exploit available?
Yes, the exploit can be found at the end of the full advisory and here.

Links:
https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-cpv4-ggrr-7j9v
https://nvd.nist.gov/vuln/detail/cve-2024-49375

Credits
Julian Scheid ([email protected])

Technical deep dive

For those interested in taking a technical deep dive in how the vulnerability was discovered and how the exploit has been developed, reading the full advisory is highly recommended.

View the full advisory


文章来源: https://github.security.telekom.com/2025/04/rasa-unauthenticated-rce-cve-2024-49375.html
如有侵权请联系:admin#unsafe.sh