CVE-2025-43843
Published: 05 May 2025
Summary
CVE-2025-43843 is a high-severity command-injection (CWE-77) vulnerability in Rvc-Project Retrieval-Based-Voice-Conversion-Webui. Its CVSS 4.0 base score is 8.9 (High).
Operationally, it ranks in the top 14.9% of CVEs by exploit likelihood (EPSS percentile); it is not currently listed in the CISA KEV catalog.
Deeper analysis
Retrieval-based-Voice-Conversion-WebUI is a voice conversion framework based on VITS. Versions 2.2.231006 and earlier contain a command-injection vulnerability (CWE-77) in the extract_f0_feature function. The user-controlled values exp_dir1 (experiment directory name), np7 (CPU thread count) and f0method8 (pitch-extraction method) are concatenated directly into a shell command string that is then executed on the server, so shell metacharacters such as `;`, `&&` or `$(...)` in any of the three fields are interpreted by the shell rather than treated as data. The issue carries a CVSS 4.0 score of 8.9 and affects the web interface exposed by infer-web.py.
An unauthenticated remote attacker who can reach the web UI can supply crafted input in those fields to run arbitrary operating-system commands with the privileges of whatever account launched infer-web.py. Successful exploitation grants full control over the host at that privilege level, including the ability to read or modify data (model files, training data, audio), install persistent access, or pivot within the environment.
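The following Python snippet is an added illustration, not code from the project or from the advisory: it reproduces the pattern described above (three user-controlled fields pasted into one shell string run with `shell=True`) next to two layers of hardening, an argv list with no shell and allowlist validation. The stand-in extractor command, the method allowlist, the name pattern and the thread bounds are assumptions made for this example; the real infer-web.py launches a separate extraction script with its own arguments.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the f0 extraction script the real WebUI launches: it only echoes
# its argv, so the example runs offline. Assumed for this example.
EXTRACTOR = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Allowlist of pitch-extraction methods and a plain-name pattern for the
# experiment directory. Both are assumptions for this example, not the
# project's own validation.
ALLOWED_F0_METHODS = {"pm", "harvest", "dio", "rmvpe"}
EXP_DIR_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def run_vulnerable(exp_dir1, np7, f0method8):
    """Pattern the advisory describes: inputs pasted into one shell string
    and executed with shell=True, so ';', '&&', '$(...)' are interpreted."""
    cmd = " ".join(shlex.quote(p) for p in EXTRACTOR)
    cmd += f" {exp_dir1} {np7} {f0method8}"          # the injection point
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_only(exp_dir1, np7, f0method8):
    """Layer 1: pass an argv list and no shell. Whatever the user typed
    reaches the child as one literal argument and is never parsed."""
    argv = EXTRACTOR + [str(exp_dir1), str(np7), str(f0method8)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def validate(exp_dir1, np7, f0method8):
    """Layer 2: allowlist validation before anything reaches the command path."""
    if not EXP_DIR_RE.fullmatch(str(exp_dir1)):
        raise ValueError("exp_dir1 must be a plain experiment name")
    threads = int(np7)                               # ValueError if not numeric
    if not 1 <= threads <= 128:
        raise ValueError("np7 out of range")
    if f0method8 not in ALLOWED_F0_METHODS:
        raise ValueError("unknown f0 method")
    return str(exp_dir1), str(threads), f0method8


def run_hardened(exp_dir1, np7, f0method8):
    """Both layers: validate, then execute without a shell."""
    return run_argv_only(*validate(exp_dir1, np7, f0method8))


def is_rejected(exp_dir1, np7, f0method8):
    """True if the hardened path refuses the input."""
    try:
        validate(exp_dir1, np7, f0method8)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "demo_exp; echo INJECTED"              # constructed test input
    print("vulnerable:", run_vulnerable(payload, 1, "rmvpe"))
    print("argv only :", run_argv_only(payload, 1, "rmvpe"))
    print("rejected  :", is_rejected(payload, 1, "rmvpe"))
    print("hardened  :", run_hardened("demo_exp", 4, "rmvpe"))
```

With the constructed payload, `run_vulnerable` prints the extractor's output followed by `INJECTED 1 rmvpe`, because `/bin/sh` treats the `;` as a command separator; `run_argv_only` hands the same string to the child as a single argument, and `run_hardened` refuses it before any process is spawned. Dropping the shell is the change that actually closes the bug; the allowlist is defence in depth that also keeps path-traversal names out of the experiment directory.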
No fix was known at the time of publication. The five referenced GitHub links point to the exact lines in infer-web.py (around 265–332 and 1276–1289) where the unsanitized inputs are assembled and passed to the command-execution path.
The EPSS score has remained flat at 0.0232, with no material increase since disclosure. The affected software is an open-source retrieval-based voice-conversion application commonly used in machine-learning audio workflows, and its web UI is frequently run on shared or GPU hosts that are reachable beyond the local machine.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-13513
Vulnerability details
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7 and f0method8 take user input and pass it into the extract_f0_feature function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command, "Command Injection")
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and earlier (web interface served by infer-web.py)
Mitigating Controls
No mitigating controls have been mapped to this CVE yet, and no vendor fix is recorded. Until one is, the general controls for a shell-injection flaw in a web UI apply: do not expose the WebUI to untrusted networks or public sharing links; run it under a dedicated low-privilege account (or in a container without host mounts it does not need); and, if the code is patched locally, pass the extraction arguments as an argv list without a shell and validate exp_dir1, np7 and f0method8 against a strict allowlist before they reach the command path.