CVE-2025-32377

Published Apr 18, 2025

Last updated 2 months ago

CVSS medium 6.5

Overview

Description
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
2.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-306

Social media

Hype score
Not currently trending

  1. CVE-2025-32377 Unauthenticated Voice Connector Vulnerability in Rasa Pro Conversational AI Framework https://t.co/RWSuZUP0E9

    @VulmonFeeds

    18 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.