CNNVD-202507-2084 Information
CNNVD ID
CNNVD-202507-2084
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在代码问题漏洞,该漏洞源于bsroformer.py存在不安全反序列化,可能导致执行任意代码。
Description (English)
GPT-SoVITS-WebUI is a TTS training model for RVC-Boss personal developers. GPT-SoVITS-WebUI 20250228v3 and previous versions had a code gap, which stemmed from the unsafe back-sequencing of bsroformer.py, which could lead to the implementation of arbitrary codes.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Live Support
Published
2025-07-15
Last Modified
2026-02-24
References
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L157 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L52-L59 https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/ https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/bsroformer.py#L289 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L192-L205 https://nvd.nist.gov/vuln/detail/CVE-2025-49839
Patch
https://github.com/RVC-Boss/GPT-SoVITS/releases
Share on: