
CVE-2025-49836: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in RVC-Boss GPT-SoVITS

Severity: High
Published: Tue Jul 15 2025 (07/15/2025, 20:31:57 UTC)
Source: CVE Database V5
Vendor/Project: RVC-Boss
Product: GPT-SoVITS

Description

GPT-SoVITS-WebUI is a voice conversion and text-to-speech web UI. In versions 20250228v3 and prior, there is a command injection vulnerability in the change_label function of webui.py. path_list takes user input, which is passed to the change_label function; that function concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

AI-Powered Analysis

Last updated: 07/23/2025, 01:46:45 UTC

Technical Analysis

CVE-2025-49836 is a critical command injection vulnerability identified in the GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability exists in versions 20250228v3 and earlier. Specifically, the flaw is located in the webui.py file within the change_label function. This function accepts user input via the path_list parameter, which is then concatenated directly into a system command executed on the server without proper sanitization or validation. This improper neutralization of special elements (CWE-77) allows an unauthenticated attacker to inject arbitrary commands that the server executes with the privileges of the application. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, making it highly dangerous. The CVSS 4.0 base score is 8.9 (high severity), reflecting the ease of exploitation and the significant impact on confidentiality, integrity, and availability. At the time of publication, no patches or mitigations have been released, increasing the risk of exploitation once proof-of-concept or exploit code becomes available. Although no known exploits are currently in the wild, the vulnerability’s nature and exposure make it a prime target for attackers aiming to gain control over affected systems, execute arbitrary code, or pivot within networks hosting GPT-SoVITS-WebUI instances.

Potential Impact

For European organizations, the impact of this vulnerability can be severe. Organizations using GPT-SoVITS-WebUI for voice conversion or text-to-speech services may face full system compromise if exploited, leading to unauthorized data access, data manipulation, or service disruption. This could affect sectors relying on voice technologies, such as telecommunications, media, accessibility services, and customer support centers. The ability to execute arbitrary commands remotely without authentication means attackers can deploy malware, ransomware, or use the compromised system as a foothold for lateral movement within corporate networks. Additionally, the compromise of voice-related services could lead to privacy violations, intellectual property theft, and reputational damage. Given the growing adoption of AI-driven voice technologies in Europe, the vulnerability poses a significant risk to both private enterprises and public sector entities.

Mitigation Recommendations

Immediate mitigation steps include isolating GPT-SoVITS-WebUI instances from public networks to limit exposure. Organizations should implement strict network segmentation and firewall rules to restrict access to the web UI to trusted internal users only. Until an official patch is available, administrators can audit and modify the webui.py source code to validate all user input passed to the change_label function and to use safe command execution practices, such as calling the subprocess module with an argument list (shell=False) instead of concatenating input into a shell string. Monitoring and logging all access to the web UI and all command execution attempts can help detect exploitation early. Deploying application-layer or web application firewalls (WAFs) with custom rules that detect and block command injection patterns is advisable. Finally, organizations should prepare incident response plans specific to this vulnerability, including backups and recovery procedures, to minimize damage in case of exploitation.
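The following is an added illustration of the remediation pattern recommended above; it is not the project's own code and does not reproduce the real webui.py. It contrasts a constructed version of the vulnerable shape (user input concatenated into a shell string) with a hardened form that allow-lists path entries, confines them to an assumed data root (/srv/gpt-sovits/data, hypothetical) and passes them as an argv list with shell=False.

```python
import re
import subprocess
from pathlib import Path

# Constructed illustration of the vulnerable pattern the advisory describes:
# user-controlled path_list concatenated into one shell command string.
# This is NOT the project's webui.py code; it only shows the shape of the bug.
def build_shell_command_unsafe(path_list: str) -> str:
    # When this string is run via os.system() or subprocess(..., shell=True),
    # any shell metacharacters inside path_list are interpreted by the shell.
    return "python tools/label.py --path_list " + path_list

# Hardened replacement (assumed design, not the project's own fix):
#  1. allow-list the characters a path entry may contain,
#  2. confine every entry to a known base directory,
#  3. pass the result as an argv list with shell=False.
ALLOWED_BASE = Path("/srv/gpt-sovits/data").resolve()   # hypothetical data root
_SAFE_ENTRY = re.compile(r"^[A-Za-z0-9_./-]+$")

def validate_paths(path_list: str) -> list[str]:
    """Split a comma-separated path_list; return only entries under ALLOWED_BASE."""
    accepted = []
    for raw in path_list.split(","):
        entry = raw.strip()
        if not _SAFE_ENTRY.match(entry):
            raise ValueError(f"rejected path entry: {entry!r}")
        # resolve() normalises "../" so traversal is caught by the containment test;
        # an absolute entry replaces the base and is therefore rejected too.
        resolved = (ALLOWED_BASE / entry).resolve()
        if resolved != ALLOWED_BASE and ALLOWED_BASE not in resolved.parents:
            raise ValueError(f"path outside data root: {entry!r}")
        accepted.append(str(resolved))
    return accepted

def build_argv_safe(path_list: str) -> list[str]:
    """argv for subprocess.run(shell=False): the input is one argument, never shell-parsed."""
    return ["python", "tools/label.py", "--path_list", ",".join(validate_paths(path_list))]

def run_change_label(path_list: str) -> subprocess.CompletedProcess:
    # shell=False is the default; it is written out here because it is the fix.
    return subprocess.run(build_argv_safe(path_list), shell=False, check=False)
```

Defenders reviewing a deployment can grep webui.py for os.system and shell=True calls that take path_list, which is the shape the hardened form replaces.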


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-11T14:33:57.799Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6876be14a83201eaacd0bd04

Added to database: 7/15/2025, 8:46:12 PM

Last enriched: 7/23/2025, 1:46:45 AM

Last updated: 8/30/2025, 4:41:36 PM
