Browse all 3 CVE security advisories affecting RasaHQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RasaHQ develops open-source conversational AI platforms for building chatbots and virtual assistants. Historically, the project has faced vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation and authentication bypasses. While no major public security incidents have been widely documented, the three CVEs on record highlight potential risks in production deployments. Security researchers have identified issues in components like Rasa X and the webchat interface, emphasizing the need for regular updates and input sanitization when deploying these conversational systems in security-sensitive environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32377 | Rasa Pro Missing Authentication For Voice Connector APIs — rasa-pro-security-advisoriesCWE-306 | 6.5 | Medium | 2025-04-18 |
| CVE-2024-49375 | Remote Code Execution via Remote Model Loading in Rasa — rasa-pro-security-advisoriesCWE-94 | 9.1 | Critical | 2025-01-14 |
| CVE-2021-41127 | Maliciously Crafted Model Archive Can Lead To Arbitrary File Write in rasa — rasaCWE-22 | 7.3 | High | 2021-10-21 |
This page lists every published CVE security advisory associated with RasaHQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.