Rasa Remote Code Execution Vulnerability via Malicious Model Loading

Vulnerability

A critical remote code execution vulnerability has been identified in Rasa Open Source versions prior to 3.6.21 and in Rasa Pro versions prior to 3.8.18, 3.9.16, and 3.10.12. An attacker who can get a maliciously crafted model loaded into a Rasa instance can execute arbitrary code on the host. The most direct path is the HTTP API: when it is enabled (rasa run --enable-api) without an authentication token or JWT secret, anyone who can reach the server can call the model-loading endpoint (PUT /model) and point the instance at an attacker-supplied model archive or model server. The weakness is in how a model is loaded, not only in the API, so a malicious model that reaches the instance through any other channel (a shared model store, a compromised training pipeline) is equally dangerous.

Impact

Successful exploitation gives the attacker arbitrary code execution on the affected Rasa instance, with the privileges of the account running the Rasa server process, and therefore access to any credentials and data available to that process.

Remediation

Upgrade to Rasa Open Source 3.6.21 or to Rasa Pro 3.8.18, 3.9.16, or 3.10.12. After upgrading, retrain your models with the fixed version; the upgrade alone is not sufficient. If an immediate upgrade is not possible, reduce exposure with two controls: require authentication on the Rasa HTTP API (for example, start the server with --auth-token or --jwt-secret so that every request, including PUT /model, must carry a valid token), and load only models produced by your own trusted training pipeline, never archives supplied by third parties or fetched from untrusted model servers. Authentication is a mitigation, not a fix: any caller holding a valid token can still load a malicious model.
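The "only load models from trusted sources" control is easier to enforce mechanically than by policy. The following is an added example (not Rasa's own code) of a pre-load gate that a deployment script can run before handing a model archive to the server: it pins the SHA-256 digest of each archive to an allowlist produced by the trusted training pipeline, and as defense in depth refuses archives whose tar entries use absolute paths, path traversal, links or special files. The archive layout (metadata.json plus a components/ directory) and the pickle bytes in the fixture are constructed for the example; the allowlist and file names are assumptions. The tar inspection does not detect a malicious pickle inside a well-formed archive, which is exactly why digest pinning is the primary check.

```python
"""Pre-load gate for Rasa model archives (added example, not Rasa's own code)."""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def unsafe_members(path):
    """Return a list of reasons the archive should not be extracted or loaded.

    This only catches structural abuse of the tar format; it cannot judge
    whether a serialized component inside a well-formed archive is malicious.
    """
    problems = []
    with tarfile.open(path, "r:gz") as tar:
        for m in tar.getmembers():
            name = m.name
            if os.path.isabs(name):
                problems.append(f"absolute path: {name}")
            elif ".." in name.split("/"):
                problems.append(f"path traversal: {name}")
            if m.issym() or m.islnk():
                problems.append(f"link entry: {name} -> {m.linkname}")
            if m.isdev() or m.isfifo():
                problems.append(f"special file: {name}")
    return problems


def should_load_model(path, trusted_digests):
    """Decide whether an archive may be loaded: (ok, reason_or_digest)."""
    digest = sha256_file(path)
    if digest not in trusted_digests:
        # Primary control: only archives our own pipeline produced are allowed.
        return False, f"digest {digest[:12]}... not in allowlist"
    problems = unsafe_members(path)
    if problems:
        # Secondary control: even an allowlisted archive must be well-formed.
        return False, "; ".join(problems)
    return True, digest


def build_archive(dest, members):
    """Construct a small tar.gz from (name, bytes) pairs; used as a test fixture."""
    with tarfile.open(dest, "w:gz") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return dest


def demo():
    """Build a constructed 'good' and 'evil' archive and run the gate on each."""
    tmp = tempfile.mkdtemp()
    # Assumed layout of a trained model archive; contents are constructed.
    good = build_archive(os.path.join(tmp, "good.tar.gz"), [
        ("metadata.json", b'{"trained_at": "2025-06-09"}'),
        ("components/nlu.pkl", b"\x80\x04constructed-pickle-bytes"),
    ])
    # Attacker-supplied archive: a traversal entry that would write outside the model dir.
    evil = build_archive(os.path.join(tmp, "evil.tar.gz"), [
        ("../../tmp/pwned", b"x"),
    ])
    trusted = {sha256_file(good)}
    return {
        "good": should_load_model(good, trusted),
        "evil_unpinned": should_load_model(evil, trusted),
        # Simulates a compromised allowlist: the digest matches but the tar is still rejected.
        "evil_pinned": should_load_model(evil, trusted | {sha256_file(evil)}),
    }


if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(f"{name}: {'LOAD' if ok else 'REJECT'} ({detail})")
```

Run this gate in the deployment step that calls PUT /model (or copies the archive into the server's model directory); a rejected archive should never reach the Rasa process, regardless of how authentication on the API is configured.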

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 10.0
exploitability: 8.1
remediation: 8.3
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.