CVE-2025-49836
Published: 15 July 2025
Summary
CVE-2025-49836 is a high-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 8.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
GPT-SoVITS-WebUI is a voice conversion and text-to-speech web interface. Versions 20250228v3 and earlier contain a command injection vulnerability in the change_label function of webui.py. User-controlled input from path_list is concatenated directly into a system command that is executed on the server, enabling arbitrary command execution. The issue is tracked as CWE-77 and carries a CVSS 4.0 score of 8.9.
An unauthenticated remote attacker can supply malicious input through the web interface to run arbitrary commands on the underlying server with no user interaction required. Successful exploitation grants full control over the host, including the ability to read, modify, or delete data and to pivot within the environment.
The referenced GitHub Security Lab advisory GHSL-2025-045 details the vulnerable code paths at the cited lines in webui.py. At the time of disclosure no patched versions were available.
The associated EPSS score has remained flat at 0.0574 with no material increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21564
Vulnerability details
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, which concatenates the user input into…
more
a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: gpt
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in web UI enables exploitation of public-facing application (T1190) for arbitrary remote command execution via shell (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validating and sanitizing user-supplied path_list inputs to block command injection in the change_label function.
Requires monitoring, reporting, and remediating flaws like this command injection vulnerability through patching or code fixes.
Limits the impact of arbitrary command execution by enforcing least privilege on the webui.py process.