CNNVD-202507-2085 Information
CNNVD ID
CNNVD-202507-2085
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在代码问题漏洞,该漏洞源于inference_webui.py存在不安全反序列化,可能导致执行任意代码。
Description (English)
GPT-SoVITS-WebUI is a TTS training model for RVC-Boss personal developers. GPT-SoVITS-WebUI 20250228v3 and previous versions had a code loophole, which stemmed from the unsafe back-serialization of inference webui.py, which could lead to the implementation of arbitrary codes.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Live Support
Published
2025-07-15
Last Modified
2026-02-24
References
https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/ https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L927 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L310 https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L872 https://nvd.nist.gov/vuln/detail/CVE-2025-49840
Patch
https://github.com/RVC-Boss/GPT-SoVITS/releases
Share on: