CVE-2025-49833
Published: 15 July 2025
Summary
CVE-2025-49833 is a critical-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE is ranked in the top 20.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as APIs and Models, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): Directly mitigates command injection by validating user-supplied inputs like slice_opt_root and slice-inp-path before they are concatenated into system commands in the open_slice function.
- AC-14 (Permitted Actions Without Identification or Authentication): Limits unauthenticated access to vulnerable endpoints like open_slice, preventing remote attackers from submitting malicious inputs without identification or authentication.
- Requires timely identification, reporting, and remediation of the command injection flaw in webui.py to eliminate the vulnerability.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Command injection vulnerability in web UI enables exploitation of public-facing application (T1190) for arbitrary OS command execution via command and scripting interpreter (T1059).
NVD Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path take user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
Deeper analysis [AI]
GPT-SoVITS-WebUI, a web interface for voice conversion and text-to-speech functionality, is affected by CVE-2025-49833, a command injection vulnerability in versions 20250228v3 and prior. The flaw exists in the open_slice function within webui.py, where user-supplied inputs from parameters slice_opt_root and slice-inp-path are directly concatenated into a system command executed on the server, without proper sanitization (CWE-77). This leads to arbitrary command execution and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited by any unauthenticated remote attacker with network access, requiring low complexity and no user interaction. By submitting crafted inputs to the affected endpoints, an attacker achieves arbitrary command execution on the underlying host, enabling full compromise of confidentiality, integrity, and availability.
Reference advisories, including GitHub Security Lab's GHSL-2025-045 and GHSL-2025-048, identify the issue with pointers to vulnerable code lines in webui.py (e.g., lines 1036, 501, 503, 889). At the time of publication on 2025-07-15, no patched versions were available.
This flaw impacts an open-source tool tied to AI/ML voice synthesis workflows, underscoring command injection risks in web UIs processing user inputs for such applications. No real-world exploitation has been reported.
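As an added, defender-oriented illustration (not the project's code and not a reproduction of the actual webui.py logic), the snippet below places the concatenation pattern the advisory describes next to a hardened equivalent that confines both paths to an allowed directory and passes them as separate argv entries with no shell. The slice.py command layout, the ALLOWED_ROOT directory and the helper names are assumptions.

```python
"""Illustrative only: the shell-string pattern behind CVE-2025-49833 beside a
hardened argv-based equivalent. Parameter names follow the advisory; the
command layout is a hypothetical stand-in for what webui.py actually runs."""
import os
import subprocess

# Hypothetical directory that uploaded audio and slice output must live under.
ALLOWED_ROOT = os.path.realpath("/srv/gpt-sovits/data")


def build_slice_command_unsafe(inp_path: str, opt_root: str) -> str:
    # Vulnerable pattern: untrusted strings spliced into one shell string.
    # Anything the shell treats specially inside either value alters the command.
    return f'python slice.py "{inp_path}" "{opt_root}"'


def confine_path(user_value: str, root: str = ALLOWED_ROOT) -> str:
    """Resolve user_value beneath root and reject anything that escapes it."""
    if "\x00" in user_value or "\n" in user_value:
        raise ValueError("control characters in path")
    # realpath normalises '..' segments and symlinks before the containment check.
    resolved = os.path.realpath(os.path.join(root, user_value))
    if os.path.commonpath([root, resolved]) != root:
        raise ValueError("path escapes allowed root")
    return resolved


def is_confined(user_value: str) -> bool:
    """True when confine_path accepts the value (convenience for callers/tests)."""
    try:
        confine_path(user_value)
        return True
    except ValueError:
        return False


def build_slice_command_safe(inp_path: str, opt_root: str) -> list:
    # Hardened: validated absolute paths as separate argv entries, never a shell string.
    return ["python", "slice.py", confine_path(inp_path), confine_path(opt_root)]


def run_slice(inp_path: str, opt_root: str) -> subprocess.CompletedProcess:
    # shell=False hands argv straight to execve; no shell parsing takes place.
    return subprocess.run(build_slice_command_safe(inp_path, opt_root),
                          shell=False, check=False, capture_output=True)
```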
Details
AI Security Analysis [AI]
- AI Category: APIs and Models
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: GPT-SoVITS-WebUI is a web-based platform/UI for AI-driven voice conversion and text-to-speech, fitting under Other Platforms as it is neither a framework, library, nor specialized in listed subdomains like NLP or CV.