CVE-2025-49834
Published: 15 July 2025
Summary
CVE-2025-49834 is a critical-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 17.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates user inputs for denoise_inp_dir and denoise_opt_dir to prevent command injection payloads from being concatenated into shell commands in the open_denoise function.
Remediates the command injection flaw in webui.py by patching the vulnerable code to sanitize or escape user-supplied directory paths before execution.
Enforces least privilege on the webUI process to restrict the scope and impact of arbitrary commands executed via the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in webui.py functions (open_denoise, etc.) allows arbitrary remote command execution via unsanitized user input passed to Popen(shell=True), enabling T1059 (Command and Scripting Interpreter) and facilitated by exploitation of a public-facing web application (T1190).
NVD Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the user…
more
input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
Deeper analysisAI
CVE-2025-49834 is a command injection vulnerability (CWE-77) in GPT-SoVITS-WebUI, an open-source web user interface for voice conversion and text-to-speech functionality. The flaw affects versions 20250228v3 and prior, specifically in the open_denoise function of webui.py. User inputs for denoise_inp_dir and denoise_opt_dir are passed directly to the function, which concatenates them into a shell command executed on the server, allowing arbitrary command execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any remote, unauthenticated attacker can exploit this over the network with low complexity and no user interaction. By supplying malicious payloads in the denoise_inp_dir or denoise_opt_dir parameters, the attacker injects and executes arbitrary commands with the privileges of the webUI process, potentially leading to full server compromise, data exfiltration, modification, or denial of service.
GitHub Security Lab advisories GHSL-2025-045 and GHSL-2025-048 identify the issue with code references to webui.py lines 1038, 362, 366, and 909-910. At the time of publication on 2025-07-15, no patched versions were known to be available, leaving users to rely on input validation, network restrictions, or avoiding the affected feature until a fix is released.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- GPT-SoVITS-WebUI is a web-based user interface (WebUI) for AI-driven voice conversion and text-to-speech models, classifying it as an AI platform rather than a framework, library, or specific model type.