CVE-2025-49835: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number of other variables) takes user input, which is passed to the open_asr function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49835 is a high-severity command injection vulnerability identified in the GPT-SoVITS-WebUI, a web-based interface for voice conversion and text-to-speech functionalities developed by RVC-Boss. The vulnerability exists in versions 20250228v3 and earlier. Specifically, the flaw resides in the open_asr function within the webui.py file. This function accepts user input through the parameter asr_inp_dir, among others, which is then concatenated directly into a system command executed on the server without proper sanitization or neutralization of special characters. This improper handling of user-supplied input (classified under CWE-77: Improper Neutralization of Special Elements used in a Command) allows an unauthenticated attacker to inject arbitrary commands that the server will execute with the privileges of the application process. The vulnerability has a CVSS 4.0 base score of 8.9, reflecting its critical impact and ease of exploitation, as it requires no authentication or user interaction and can be triggered remotely over the network. At the time of publication, no patches or mitigations have been officially released by the vendor, increasing the risk of exploitation. Although no known exploits are currently observed in the wild, the nature of the vulnerability makes it a prime candidate for attackers seeking to gain unauthorized control over affected systems, potentially leading to full system compromise, data theft, or disruption of services.
Potential Impact
For European organizations utilizing GPT-SoVITS-WebUI, this vulnerability poses a significant risk. Successful exploitation could lead to arbitrary command execution on servers hosting the vulnerable software, compromising confidentiality, integrity, and availability of critical data and services. Organizations in sectors such as telecommunications, media, and any industry leveraging voice conversion or text-to-speech technologies could face operational disruptions, data breaches, or unauthorized access to internal networks. Given the unauthenticated and network-accessible nature of the vulnerability, attackers could remotely compromise systems without prior access, increasing the threat surface. Additionally, the lack of an available patch means organizations must rely on interim mitigations, which may be incomplete or complex to implement. The impact is exacerbated in environments where the software runs with elevated privileges or is integrated into larger workflows, potentially allowing lateral movement within networks. This could lead to broader compromise beyond the initial vulnerable host, affecting European enterprises' compliance with data protection regulations such as GDPR due to potential data exposure.
Mitigation Recommendations
Immediate mitigation steps should include restricting network access to the GPT-SoVITS-WebUI service to trusted users only, ideally through network segmentation and firewall rules limiting inbound connections. Organizations should implement strict input validation and sanitization at the application layer if they have the capability to modify the source code, ensuring that user inputs are not directly passed to system commands. Employing application-level sandboxing or containerization can limit the impact of a successful exploit by isolating the vulnerable process. Monitoring and logging all interactions with the web UI can help detect suspicious activities indicative of exploitation attempts. Until an official patch is released, consider disabling or removing the vulnerable open_asr functionality if it is not essential. Organizations should also prepare incident response plans specific to command injection attacks and keep abreast of vendor communications for forthcoming patches. Finally, conducting regular security assessments and penetration tests focusing on web interfaces can help identify similar vulnerabilities proactively.
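The technical summary above describes the flaw as user input concatenated into a command string that the server then runs, and the recommendations ask for input validation and for keeping user input out of system commands. The following added example (illustration written for this page, not code from GPT-SoVITS-WebUI) shows the vulnerable pattern beside a hardened form. The tool name `asr-tool`, its `-i` flag, the allowlisted root `/srv/gpt-sovits/input` and the helper names are all assumptions chosen for the illustration; the only thing taken from the advisory is the shape of the defect.

```python
import posixpath
import re
import subprocess
from pathlib import PurePosixPath

# Assumptions (hypothetical, not the project's real values): the ASR tool's
# argv prefix and the single directory tree under which user-supplied input
# directories are allowed to live.
ASR_TOOL_ARGV = ["asr-tool", "-i"]
ALLOWED_ROOT = "/srv/gpt-sovits/input"

# Allowlist for one path segment. Everything a shell treats specially
# (; | & $ ` quotes, whitespace, newlines) falls outside it, as does a
# leading '.' (which also rules out '..' traversal).
_SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def build_command_unsafe(asr_inp_dir: str) -> str:
    """The vulnerable pattern: the request parameter is pasted into one shell
    string. It is only returned here, never executed, so the example is inert."""
    return " ".join(ASR_TOOL_ARGV) + " " + asr_inp_dir


def validate_input_dir(asr_inp_dir: str, root: str = ALLOWED_ROOT) -> str:
    """Return an absolute path under `root`, or raise ValueError.

    Rejects empty values, absolute paths, traversal and any segment with
    characters outside the allowlist, so the result is a plain path even if a
    later caller were to quote it incorrectly.
    """
    if not asr_inp_dir:
        raise ValueError("asr_inp_dir is empty")
    rel = PurePosixPath(asr_inp_dir)
    if rel.is_absolute() or not rel.parts:
        raise ValueError("path must be relative and non-trivial")
    for segment in rel.parts:
        if not _SAFE_SEGMENT.match(segment):
            raise ValueError(f"disallowed path segment: {segment!r}")
    full = posixpath.normpath(posixpath.join(root, str(rel)))
    # Defence in depth: confirm the normalised path still sits under the root.
    if posixpath.commonpath([root, full]) != root:
        raise ValueError("path escapes the allowed root")
    return full


def build_command_safe(asr_inp_dir: str) -> list:
    """Hardened form: the validated path becomes its own argv element."""
    return ASR_TOOL_ARGV + [validate_input_dir(asr_inp_dir)]


def run_asr(asr_inp_dir: str, argv_prefix=None) -> subprocess.CompletedProcess:
    """Execute with shell=False so argv goes straight to the program; no shell
    ever interprets the directory name. argv_prefix lets a stand-in tool be
    substituted for the hypothetical asr-tool when running the example."""
    argv = list(argv_prefix or ASR_TOOL_ARGV) + [validate_input_dir(asr_inp_dir)]
    return subprocess.run(argv, shell=False, check=True,
                          capture_output=True, text=True)


def is_rejected(asr_inp_dir: str) -> bool:
    """True when validation refuses the value (used by the self-check below)."""
    try:
        validate_input_dir(asr_inp_dir)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed request value with a shell metacharacter in it. The unsafe
    # builder embeds it unchanged; the hardened path refuses the request.
    tainted = "clips; id"
    print("unsafe string :", build_command_unsafe(tainted))
    print("hardened      :", "rejected" if is_rejected(tainted) else "accepted")
    print("safe argv     :", build_command_safe("clips/session1"))
    # echo stands in for the ASR tool so the example runs offline.
    print(run_asr("clips/session1", argv_prefix=["echo", "asr-tool", "-i"]).stdout.strip())
```

The two builders take the same request value; the difference is that the hardened path never produces a string for a shell to parse, and the allowlist on top of that means a rejected request is logged as a validation error rather than reaching the command at all, which is also a convenient signal for the monitoring the recommendations call for.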
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.799Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bcfd
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/23/2025, 1:46:30 AM
Last updated: 8/27/2025, 9:26:59 AM
Views: 30