CVE-2025-49836
Published: 15 July 2025
Summary
CVE-2025-49836 is a critical-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validating and sanitizing user-supplied path_list inputs to block command injection in the change_label function.
Requires monitoring, reporting, and remediating flaws like this command injection vulnerability through patching or code fixes.
Limits the impact of arbitrary command execution by enforcing least privilege on the webui.py process.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in web UI enables exploitation of public-facing application (T1190) for arbitrary remote command execution via shell (T1059).
NVD Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, which concatenates the user input into…
more
a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
Deeper analysisAI
CVE-2025-49836 is a command injection vulnerability affecting GPT-SoVITS-WebUI, an open-source web interface for voice conversion and text-to-speech functionality. The issue resides in the change_label function within webui.py, impacting versions 20250228v3 and prior. User-supplied input via the path_list parameter is directly concatenated into an operating system command and executed on the server, enabling arbitrary command execution. The vulnerability is rated at CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-77 (Command Injection).
The vulnerability can be exploited remotely over the network by unauthenticated attackers with no privileges or user interaction required. An attacker simply needs to submit malicious input through the path_list parameter to the affected endpoint, triggering the injection and execution of arbitrary commands on the host system. Successful exploitation grants full control over the server, potentially allowing data exfiltration, persistence, lateral movement, or complete compromise.
Advisories, including GitHub Security Lab's GHSL-2025-045 and GHSL-2025-048, detail the flaw with references to specific lines in webui.py (e.g., lines 272, 275, 955, and 960). At the time of publication on 2025-07-15, no patched versions were available, leaving users without an official fix.
GPT-SoVITS-WebUI relates to AI/ML applications in voice synthesis, highlighting risks in exposed open-source tools for such workloads. No real-world exploitation has been reported in available data.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- GPT-SoVITS-WebUI is a web-based user interface platform for AI-driven voice conversion and text-to-speech, providing tools for audio processing and model operations.