CNNVD-202507-2080 Information

Jul 15, 2025 cve

CNNVD ID

CNNVD-202507-2080

CVE-2025-49834

  • CNNVD Published: 2025-07-15

Description (Chinese)

GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在命令注入漏洞,该漏洞源于open_denoise函数存在命令注入,可能导致执行任意代码。

Description (English)

GPT-SoVITS-WebUI is a TTS training model for RVC-Boss personal developers. GPT-SoVITS-WebUI 20250228v3 and previous versions had a command-injecting loophole, which originated from the open denoise function and could lead to the execution of any code.

Hazard Level

Low

Vulnerability Type

命令注入

Affected Vendor

Live Support

Published

2025-07-15

Last Modified

2026-02-24

References

https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L366 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L909-L910 https://securitylab.github.com/advisories/GHSL-2025-045_GHSL-2025-048_RVC-Boss_GPT-SoVITS/ https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L362 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L1038 https://nvd.nist.gov/vuln/detail/CVE-2025-49834

Patch

https://github.com/RVC-Boss/GPT-SoVITS/releases

Share on: