CNNVD-202507-2083 Information
CNNVD ID
CNNVD-202507-2083
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在代码问题漏洞,该漏洞源于AudioPreDeEcho类存在不安全反序列化,可能导致执行任意代码。
Description (English)
GPT-SoVITS-WebUI is a TTS training model for RVC-Boss personal developers. GPT-SoVITS-WebUI 20250228v3 and previous versions had a code gap, which stemmed from the unsafe inverse sequence of the AudioPreDeEcho category, which could lead to the implementation of arbitrary codes.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Live Support
Published
2025-07-15
Last Modified
2026-02-24
References
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L157 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/vr.py#L216 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L64-L70 https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/ https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L192-L205 https://nvd.nist.gov/vuln/detail/CVE-2025-49838
Patch
https://github.com/RVC-Boss/GPT-SoVITS/releases
Share on: