CVE-2025-49834: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49834 is a high-severity command injection vulnerability affecting the GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability exists in versions 20250228v3 and earlier. Specifically, the issue lies in the open_denoise function within the webui.py file. This function accepts user-supplied input parameters denoise_inp_dir and denoise_opt_dir, which are concatenated directly into a system command executed on the server without proper sanitization or neutralization of special characters. This improper handling of user input leads to CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). An attacker can exploit this flaw by crafting malicious input that injects arbitrary commands, which the server executes with the privileges of the web application process. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. At the time of publication, no patches or mitigations have been released by the vendor, increasing the risk of exploitation once the vulnerability becomes widely known. The CVSS v4.0 base score is 8.9, reflecting the critical nature of the vulnerability due to its network attack vector, lack of required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild yet, but the ease of exploitation and severity suggest that attackers may develop exploits soon.
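The pattern described above, as an added example that is not code from GPT-SoVITS or from this advisory: a hypothetical builder that concatenates the two parameters into one shell command line, shown next to a hardened version that validates each directory against an allowed root and hands it to the subprocess as a separate argv element, so no shell ever parses the user's string. The tool name denoise_tool, its -i/-o flags and the /srv/gpt-sovits/work root are assumptions.

```python
"""Added example for CVE-2025-49834: flawed concatenation vs. hardened argv.
Not code from GPT-SoVITS; 'denoise_tool', its flags and ALLOWED_ROOT are assumed."""
import shlex
import subprocess
from pathlib import Path

# Directory under which user-supplied input/output folders must live (assumption).
ALLOWED_ROOT = Path("/srv/gpt-sovits/work")


def vulnerable_command(denoise_inp_dir: str, denoise_opt_dir: str) -> str:
    """Constructed illustration of the flawed pattern: user strings are joined
    into a single command line. Handing this string to a shell (os.system or
    subprocess with shell=True) lets shell metacharacters in either value
    change what gets executed."""
    return "denoise_tool -i " + denoise_inp_dir + " -o " + denoise_opt_dir


def safe_directory(user_value: str, root: Path = ALLOWED_ROOT) -> Path:
    """Validate a user-supplied directory value.

    Rejects empty values and control characters, then resolves the path
    (absolute or relative) and requires it to stay inside `root`, which also
    stops '..' traversal. Raises ValueError on any failure.
    """
    if not user_value or "\x00" in user_value or "\n" in user_value:
        raise ValueError("invalid directory value")
    candidate = (root / user_value).resolve()
    try:
        candidate.relative_to(root.resolve())
    except ValueError:
        raise ValueError("directory escapes allowed root") from None
    return candidate


def build_denoise_argv(denoise_inp_dir: str, denoise_opt_dir: str) -> list[str]:
    """Hardened form: validate both directories and build an argv list.
    Each element reaches the program as exactly one argument, so ';', '|',
    '$(' and friends are ordinary filename characters, not operators."""
    inp = safe_directory(denoise_inp_dir)
    opt = safe_directory(denoise_opt_dir)
    return ["denoise_tool", "-i", str(inp), "-o", str(opt)]


def run_denoise(denoise_inp_dir: str, denoise_opt_dir: str) -> subprocess.CompletedProcess:
    """Execute the validated command without a shell (shell=False is the default)."""
    argv = build_denoise_argv(denoise_inp_dir, denoise_opt_dir)
    # shlex.join is used only to produce a readable log line; it is never executed.
    print("running:", shlex.join(argv))
    return subprocess.run(argv, check=True, capture_output=True, text=True)
```

The important property is visible in build_denoise_argv: a value such as `out; echo injected` survives validation (it is a legal directory name under the root) but ends up as one argv element, whereas `../../etc` is rejected before any process is started.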
Potential Impact
For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a significant risk. Successful exploitation allows attackers to execute arbitrary commands on the server hosting the web UI, potentially leading to full system compromise. This could result in unauthorized access to sensitive voice data, manipulation or theft of intellectual property related to voice conversion models, disruption of voice services, and lateral movement within internal networks. Given the nature of the product—handling voice conversion and text-to-speech—organizations in media, telecommunications, accessibility services, and AI research could be particularly impacted. The compromise of such systems could also lead to reputational damage and regulatory consequences under GDPR if personal data is exposed or manipulated. The lack of available patches means organizations must rely on immediate mitigations to reduce exposure. The vulnerability’s network accessibility and no requirement for authentication make it a prime target for automated attacks and wormable exploits, increasing the urgency for European entities to address this threat promptly.
Mitigation Recommendations
Since no official patches are available, European organizations should implement the following specific mitigations:
1) Immediately restrict network access to the GPT-SoVITS-WebUI server with strict firewall rules and network segmentation, limiting exposure to trusted internal users only.
2) Employ web application firewalls (WAFs) with custom rules to detect and block command injection patterns targeting the denoise_inp_dir and denoise_opt_dir parameters.
3) Conduct code audits and, if feasible, modify the open_denoise function to rigorously validate all user inputs, escaping or rejecting special characters that could be used for command injection.
4) Run the GPT-SoVITS-WebUI service with the least privileges possible, ideally within a container or sandbox environment, to contain the impact of any exploitation.
5) Monitor system and application logs for unusual command executions or anomalies indicating exploitation attempts.
6) Engage with the vendor or community to track patch releases and apply updates promptly once available.
7) Consider temporarily disabling or replacing the vulnerable component, if it is not critical to operations, until a secure version is released.
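One way to implement the log monitoring in item 5 (and to prototype the parameter checks a WAF rule in item 2 would apply), as an added example that is not part of the advisory or of GPT-SoVITS: a small scanner that reads request logs, looks only at the denoise_inp_dir and denoise_opt_dir parameters, and raises an alert when a value contains shell metacharacters or path traversal. The JSON-lines log layout, its field names and the sample entries are constructed for this example; GPT-SoVITS' real logging format is not documented here.

```python
"""Added example for CVE-2025-49834: flag suspicious denoise_* parameter values
in request logs. The log format and sample lines below are constructed."""
import json
import re
from typing import Iterable

WATCHED_PARAMS = ("denoise_inp_dir", "denoise_opt_dir")
# Shell operators, substitution characters and '../' have no place in a directory name.
METACHAR = re.compile(r"[;&|`$<>\n]|\.\./")

# Constructed sample log lines (not real traffic): one clean request, one value
# carrying a shell operator, one traversal attempt, one unrelated request and
# one malformed line the scanner must tolerate.
SAMPLE_LOG = """\
{"ts":"2025-07-15T20:46:12Z","src":"10.0.0.5","path":"/run/predict","params":{"denoise_inp_dir":"input/voice1","denoise_opt_dir":"output/voice1"}}
{"ts":"2025-07-15T20:46:13Z","src":"10.0.0.9","path":"/run/predict","params":{"denoise_inp_dir":"input/voice2","denoise_opt_dir":"output/x; echo injected"}}
{"ts":"2025-07-15T20:46:14Z","src":"10.0.0.9","path":"/run/predict","params":{"denoise_inp_dir":"../../../tmp","denoise_opt_dir":"output/x"}}
{"ts":"2025-07-15T20:46:15Z","src":"10.0.0.5","path":"/health","params":{}}
not json at all
"""


def suspicious_fields(params: dict) -> list[str]:
    """Return the names of watched parameters whose value matches METACHAR."""
    return [
        name for name in WATCHED_PARAMS
        if isinstance(params.get(name), str) and METACHAR.search(params[name])
    ]


def scan_log(lines: Iterable[str]) -> list[dict]:
    """Parse JSON log lines and return one alert per request with a suspicious value."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        hits = suspicious_fields(record.get("params") or {})
        if hits:
            alerts.append({"ts": record.get("ts"), "src": record.get("src"), "fields": hits})
    return alerts


def alerts_by_source(alerts: list[dict]) -> dict:
    """Aggregate alerts per client address; repeated hits from one source are a stronger signal."""
    counts: dict = {}
    for alert in alerts:
        counts[alert["src"]] = counts.get(alert["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for alert in found:
        print(alert)
    print("per source:", alerts_by_source(found))
```

The scanner deliberately checks only the two parameters named in the advisory, which keeps false positives low on a UI that otherwise accepts free text; widen WATCHED_PARAMS if an audit of webui.py turns up other values that reach a shell.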
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.799Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bcf6
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/23/2025, 1:46:03 AM
Last updated: 8/27/2025, 3:48:35 PM