CVE-2025-49835
Published: 15 July 2025
Summary
CVE-2025-49835 is a critical-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validating unsanitized user inputs like asr_inp_dir before concatenation into system commands in the open_asr function, preventing command injection.
Mandates timely identification, reporting, and correction of the command injection flaw in webui.py, eliminating the vulnerability at its source.
Enforces least privilege on processes handling user inputs, limiting the scope and impact of arbitrary commands executed via injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in the webUI allows remote arbitrary command execution, enabling exploitation of public-facing applications (T1190) and remote services (T1210).
NVD Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number of other variables) takes user input, which is passed to the open_asr function,…
more
which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
Deeper analysisAI
CVE-2025-49835 is a command injection vulnerability in GPT-SoVITS-WebUI, an open-source web interface for voice conversion and text-to-speech functionality. The flaw affects versions 20250228v3 and prior, specifically in the open_asr function within webui.py. User inputs, such as asr_inp_dir and related variables, are taken without sanitization and concatenated directly into system commands executed on the server, resulting in arbitrary command execution. This issue is classified under CWE-77 (Command Injection).
The vulnerability can be exploited by unauthenticated remote attackers over the network with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can supply malicious input via affected parameters to inject and execute arbitrary operating system commands on the hosting server, potentially leading to full system compromise, data theft, or further lateral movement.
The GitHub Security Lab advisory (GHSL-2025-045_GHSL-2025-048) identifies the vulnerable code locations in webui.py, including lines 1034, 331, 341, and 920. No patched versions were available at the time of publication on 2025-07-15.
GPT-SoVITS-WebUI supports AI/ML-driven voice synthesis tasks, making this a notable risk for deployments in generative audio applications. No real-world exploitation has been reported.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- GPT-SoVITS-WebUI is a web-based user interface for AI-driven voice conversion and text-to-speech models, fitting as an 'Other Platforms' category for AI web UIs and tools not covered by more specific categories like frameworks or libraries.