CNNVD-202507-2078 Information
CNNVD ID
CNNVD-202507-2078
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在命令注入漏洞,该漏洞源于open_slice函数存在命令注入,可能导致执行任意代码。
Description (English)
GPT-SoVITS-WebUI is a TTS training model for RVC-Boss personal developers. GPT-SoVITS-WebUI 20250228v3 and previous versions had a command-injecting loophole, which originated from the open slice function and could lead to the execution of any code.
Hazard Level
Low
Vulnerability Type
命令注入
Affected Vendor
Live Support
Published
2025-07-15
Last Modified
2026-02-24
References
https://securitylab.github.com/advisories/GHSL-2025-045_GHSL-2025-048_RVC-Boss_GPT-SoVITS/ https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L503 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L889 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L501 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L1036 https://nvd.nist.gov/vuln/detail/CVE-2025-49833
Patch
https://github.com/RVC-Boss/GPT-SoVITS/releases
Share on: