
CVE-2025-49833

High · Public PoC · RCE

Published: 15 July 2025
Modified: 30 July 2025
KEV Added: not listed
Patch: none available at time of publication
CVSS Score v4: 8.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)
EPSS Score: 0.0435 (89.2nd percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-49833 is a high-severity command injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui (GPT-SoVITS-WebUI), with a CVSS v4.0 score of 8.9 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 10.8% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is flagged as AI-related, categorised as LLM Application Platforms in the Supply Chain and Deployment risk domain. That classification was produced by keyword matching on "gpt"; GPT-SoVITS is a text-to-speech and voice-conversion tool rather than an LLM serving platform, so the practical concern is an exposed ML web UI running OS commands, not LLM-specific behaviour.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

GPT-SoVITS-WebUI is a voice conversion and text-to-speech web interface. CVE-2025-49833 is a command injection vulnerability (CWE-77) present in versions 20250228v3 and earlier. In the open_slice function of webui.py, unsanitized values from the slice_opt_root and slice-inp-path parameters are concatenated directly into a system command that is then executed on the server.

An unauthenticated remote attacker can supply crafted input through the web UI to achieve arbitrary command execution. The CVSS 4.0 score of 8.9 reflects that the attack requires no authentication or user interaction and can result in full confidentiality, integrity, and availability impact on the underlying host.
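As an added example (not code from GPT-SoVITS-WebUI or its advisory), the following Python contrasts the pattern the advisory describes, user-supplied path strings interpolated into a shell command line, with a hardened builder that applies the input validation the SI-10 control below calls for and invokes the tool with an argv list and no shell. The stand-in tool (`echo`), the allowed working directory, the payload and all function names are assumptions; the real open_slice code is not reproduced.

```python
"""Vulnerable vs. hardened command construction for a "slice audio" handler.

Added example for this page, not the GPT-SoVITS-WebUI code: the real
open_slice in webui.py is not reproduced. The allowed working directory,
the stand-in tool (`echo`) and every function name here are assumptions.
"""
import re
import subprocess
from pathlib import Path

# Assumed: the only directory the web UI is permitted to read from / write to.
ALLOWED_ROOT = Path("/tmp/gpt_sovits_work")

# Constructed attacker input: closes the double quote the format string opens,
# appends a second command, then reopens a quote so the rest of the line parses.
PAYLOAD = 'x"; echo INJECTED; echo "'


# ---- vulnerable pattern (CWE-77) -------------------------------------------
def build_slice_command_vulnerable(inp: str, opt_root: str) -> str:
    # Both user-controlled strings are pasted straight into one shell line.
    # Wrapping them in quotes is not a fix: the input can contain a quote.
    return 'echo slice "%s" "%s"' % (inp, opt_root)


def run_vulnerable(inp: str, opt_root: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ; " | $ etc. in
    # inp / opt_root are interpreted as shell syntax, not as data.
    proc = subprocess.run(build_slice_command_vulnerable(inp, opt_root),
                          shell=True, capture_output=True, text=True)
    return proc.stdout


# ---- hardened pattern: validate (SI-10), then exec without a shell ---------
_SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")


def resolve_under(base: Path, candidate: str) -> Path:
    """Accept a conservative character set and only paths that remain inside
    `base` after normalisation (blocks `../` and absolute-path escapes)."""
    if not _SAFE_NAME.fullmatch(candidate):
        raise ValueError("disallowed characters in path: %r" % candidate)
    base = base.resolve()
    target = (base / candidate).resolve()
    if target != base and base not in target.parents:
        raise ValueError("path escapes allowed root: %r" % candidate)
    return target


def build_slice_argv_safe(inp: str, opt_root: str,
                          base: Path = ALLOWED_ROOT) -> list:
    # An argv list: each element reaches the child as exactly one argument
    # and is never re-parsed by a shell.
    return ["echo", "slice",
            str(resolve_under(base, inp)),
            str(resolve_under(base, opt_root))]


def run_safe(inp: str, opt_root: str, base: Path = ALLOWED_ROOT) -> str:
    proc = subprocess.run(build_slice_argv_safe(inp, opt_root, base),
                          shell=False, capture_output=True, text=True)
    return proc.stdout


def is_rejected(inp: str, opt_root: str, base: Path = ALLOWED_ROOT) -> bool:
    """True if the hardened builder refuses the input."""
    try:
        build_slice_argv_safe(inp, opt_root, base)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_vulnerable(PAYLOAD, "out"))         # the injected echo runs
    print(is_rejected(PAYLOAD, "out"))            # True: metacharacters
    print(is_rejected("../../etc/passwd", "out")) # True: escapes the root
    print(run_safe("input.wav", "sliced"))        # one echo line, no shell
```

The character allowlist and the root check are independent layers: the traversal payload passes the regex but is stopped by the path check, and the metacharacter payload is stopped by the regex. Even if both checks were removed, the argv form would still pass the payload to the child as a single literal argument rather than executing it, which is the property the vulnerable form lacks.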

Public references, including the GitHub Security Lab advisory GHSL-2025-045 and the affected code locations in webui.py, confirm the injection path but note that no patched versions were available at the time of disclosure. The associated EPSS score has remained flat at 0.0435 with no material increase since publication.

Vulnerability details

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path take user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

CWE(s)

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: gpt

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Command injection vulnerability in web UI enables exploitation of public-facing application (T1190) for arbitrary OS command execution via command and scripting interpreter (T1059).

CVEs Like This One

CVE-2025-49834 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49836 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49835 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49837 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49838 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49841 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49840 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-49839 (same product: Rvc-Boss Gpt-Sovits-Webui)
CVE-2025-67397 (shared CWE-77)
CVE-2024-55030 (shared CWE-77)

Affected Assets

rvc-boss / gpt-sovits-webui, versions ≤ 20250228v3

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly mitigates command injection by validating user-supplied inputs like slice_opt_root and slice-inp-path before concatenation into system commands in the open_slice function.

AC-14 Permitted Actions Without Identification or Authentication (prevent): Limits unauthenticated access to vulnerable endpoints like open_slice, preventing remote attackers from submitting malicious inputs without identification or authentication.

SI-2 Flaw Remediation (prevent): Requires timely identification, reporting, and remediation of the command injection flaw in webui.py to eliminate the vulnerability.
