CVE-2025-43848: CWE-502: Deserialization of Untrusted Data in RVC-Project Retrieval-based-Voice-Conversion-WebUI

High
Tags: Vulnerability, CVE-2025-43848, cve, cve-2025-43848, cwe-502
Published: Mon May 05 2025 (05/05/2025, 17:54:58 UTC)
Source: CVE
Vendor/Project: RVC-Project
Product: Retrieval-based-Voice-Conversion-WebUI

Description

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

AI-Powered Analysis

Last updated: 07/05/2025, 19:42:31 UTC

Technical Analysis

CVE-2025-43848 is a high-severity vulnerability affecting Retrieval-based-Voice-Conversion-WebUI from RVC-Project, a voice changing framework based on VITS. The vulnerability arises from unsafe deserialization of untrusted data in versions 2.2.231006 and earlier. Specifically, the variable ckpt_path0 accepts user input, such as a path to a model file, which is then passed to the change_info function in the process_ckpt.py script. This function uses torch.load to load the model from the specified path. Because torch.load deserializes the contents of that file, a maliciously crafted file at the supplied path can lead to unsafe deserialization, enabling remote code execution (RCE) without requiring authentication or user interaction. An attacker can therefore execute arbitrary code on the system running the vulnerable software by supplying the path to a malicious model. No patches or fixes are available at the time of publication, and no known exploits have been observed in the wild yet. The CVSS v4.0 base score is 8.9 (high), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability is categorized under CWE-502 (Deserialization of Untrusted Data), a common and dangerous class of vulnerabilities that can lead to full system compromise if exploited successfully.

Potential Impact

For European organizations using the Retrieval-based-Voice-Conversion-WebUI, this vulnerability poses a significant risk. Since the software is designed for voice conversion, it may be deployed in environments handling sensitive audio data, including media production, telecommunications, or research institutions. Exploitation could lead to unauthorized remote code execution, allowing attackers to gain control over affected systems, steal sensitive data, disrupt services, or pivot within the network. The lack of authentication and user interaction requirements makes it easier for attackers to exploit remotely, potentially leading to widespread compromise if exposed to the internet or accessible networks. This could result in data breaches, intellectual property theft, operational disruption, and reputational damage. Additionally, given the increasing adoption of AI and voice technologies in Europe, the impact could extend to critical sectors such as finance, healthcare, and government services that integrate voice conversion tools for accessibility or communication purposes.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement immediate compensating controls. First, restrict network access to the Retrieval-based-Voice-Conversion-WebUI instances, limiting exposure to trusted internal networks only. Employ strict input validation and sanitization on any user-supplied paths or model files to prevent malicious payloads from being loaded. Consider deploying application-layer firewalls or runtime application self-protection (RASP) solutions to detect and block suspicious deserialization attempts. Monitor logs for unusual torch.load invocations or unexpected file access patterns. If possible, isolate the service in a sandboxed or containerized environment with minimal privileges to limit the impact of potential exploitation. Organizations should also engage with the vendor or community to track patch releases and apply updates promptly once available. Finally, conduct security awareness training for developers and administrators about the risks of unsafe deserialization and secure coding practices.
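The path validation recommended above, combined with a restricted load, as an added example (not code from RVC-Project or from this advisory). The names resolve_checkpoint, load_checkpoint, CheckpointRejected and the models_dir parameter are hypothetical, and the suffix allowlist is an assumption; weights_only=True is an existing torch.load parameter.

```python
from pathlib import Path

# Assumption: checkpoint file extensions the deployment actually uses.
ALLOWED_SUFFIXES = {".pth", ".pt"}


class CheckpointRejected(ValueError):
    """Raised when a user-supplied checkpoint path fails validation."""


def resolve_checkpoint(user_path: str, models_dir: str) -> Path:
    """Confine a user-supplied path (the role ckpt_path0 plays) to models_dir."""
    base = Path(models_dir).resolve(strict=True)
    # Joining and then resolving collapses ".." segments and follows symlinks,
    # so the containment check sees the file that would really be opened.
    # An absolute user_path replaces base in the join and fails the check.
    candidate = (base / user_path).resolve(strict=False)
    if not candidate.is_relative_to(base):
        raise CheckpointRejected(f"path escapes models directory: {user_path!r}")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise CheckpointRejected(f"unexpected file type: {candidate.suffix!r}")
    if not candidate.is_file():
        raise CheckpointRejected(f"not a regular file: {user_path!r}")
    return candidate


def load_checkpoint(user_path: str, models_dir: str):
    """Validate the path, then load without full pickle deserialization."""
    path = resolve_checkpoint(user_path, models_dir)
    # Imported lazily so the path check can be used and tested without torch.
    import torch
    # Path confinement does not help if an untrusted file can be placed inside
    # models_dir. weights_only=True makes torch.load use a restricted
    # unpickler limited to tensors and plain containers, and it raises
    # on anything else instead of constructing arbitrary objects.
    return torch.load(path, map_location="cpu", weights_only=True)
```

Checkpoints that store custom Python objects will fail to load under weights_only=True; treat that failure as a rejection rather than falling back to an unrestricted load.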

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-04-17T20:07:08.554Z
Cisa Enriched: true
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 682d981dc4522896dcbdafd3

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 7/5/2025, 7:42:31 PM

Last updated: 8/6/2025, 7:43:19 AM
