Cyber Resilience

CVE-2025-49834

HighPublic PoCRCE

Published: 15 July 2025

Published
15 July 2025
Modified
30 July 2025
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0574 90.6th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-49834 is a high-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

GPT-SoVITS-WebUI is a voice conversion and text-to-speech web interface. Versions 20250228v3 and earlier contain a command injection vulnerability in the open_denoise function of webui.py. The parameters denoise_inp_dir and denoise_opt_dir accept unsanitized user input that is directly concatenated into a shell command executed on the server, enabling arbitrary command execution. The flaw is tracked as CWE-77 and carries a CVSS 4.0 score of 8.9.

An unauthenticated remote attacker can supply crafted directory values through the web UI to run arbitrary operating-system commands with the privileges of the web server process, resulting in full confidentiality, integrity, and availability impact on the host. No authentication or user interaction is required, and the attack can be performed over the network.

Public references, including the project source and a GitHub Security Lab advisory, confirm the vulnerable code paths but state that no patched versions were available at the time of disclosure. The associated EPSS score remains flat at 0.0574 with no material increase observed after publication.

EU & UK References

Vulnerability details

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the user…

more

input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: gpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Command injection vulnerability in webui.py functions (open_denoise, etc.) allows arbitrary remote command execution via unsanitized user input passed to Popen(shell=True), enabling T1059 (Command and Scripting Interpreter) and facilitated by exploitation of a public-facing web application (T1190).

CVEs Like This One

CVE-2025-49836Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49833Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49835Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49837Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49838Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49841Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49840Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49839Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-67397Shared CWE-77
CVE-2024-55030Shared CWE-77

Affected Assets

rvc-boss
gpt-sovits-webui
≤ 20250228v3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates user inputs for denoise_inp_dir and denoise_opt_dir to prevent command injection payloads from being concatenated into shell commands in the open_denoise function.

prevent

Remediates the command injection flaw in webui.py by patching the vulnerable code to sanitize or escape user-supplied directory paths before execution.

prevent

Enforces least privilege on the webUI process to restrict the scope and impact of arbitrary commands executed via the vulnerability.

References