{"data":{"id":"4526c002-0b02-4a34-ad80-b439fa7cd6c7","title":"CVE-2025-32377: Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models","summary":"Rasa Pro is a framework for building conversational AI assistants that use large language models. A vulnerability was found where voice connectors (tools that receive audio input) did not properly check user authentication even when security tokens were configured, allowing attackers to send voice data to the system without permission.","solution":"This issue has been patched in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6 for the audiocodes, audiocodes_stream, and genesys connectors. Update Rasa Pro to one of these versions or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-32377","publishedAt":"2025-04-18T20:15:16.670Z","cveId":"CVE-2025-32377","cweIds":["CWE-306"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Rasa Pro"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00225,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}