CVE-2025-49833: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
CVE-2025-49833: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-06-11T14:33:57.799Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6876be14a83201eaacd0bcef
Added to database: 7/15/2025, 8:46:12 PM
Last updated: 7/15/2025, 8:46:12 PM
Views: 1
Related Threats
CVE-2025-49836: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
HighCVE-2025-49835: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
HighCVE-2025-49834: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
HighCVE-2025-49839: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
HighCVE-2025-49838: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.