Cyber Resilience

CVE-2025-49836

HighPublic PoCRCE

Published: 15 July 2025

Published
15 July 2025
Modified
30 July 2025
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0574 90.6th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-49836 is a high-severity Command Injection (CWE-77) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

GPT-SoVITS-WebUI is a voice conversion and text-to-speech web interface. Versions 20250228v3 and earlier contain a command injection vulnerability in the change_label function of webui.py. User-controlled input from path_list is concatenated directly into a system command that is executed on the server, enabling arbitrary command execution. The issue is tracked as CWE-77 and carries a CVSS 4.0 score of 8.9.

An unauthenticated remote attacker can supply malicious input through the web interface to run arbitrary commands on the underlying server with no user interaction required. Successful exploitation grants full control over the host, including the ability to read, modify, or delete data and to pivot within the environment.

The referenced GitHub Security Lab advisory GHSL-2025-045 details the vulnerable code paths at the cited lines in webui.py. At the time of disclosure no patched versions were available.

The associated EPSS score has remained flat at 0.0574 with no material increase since publication.

EU & UK References

Vulnerability details

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, which concatenates the user input into…

more

a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: gpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Command injection vulnerability in web UI enables exploitation of public-facing application (T1190) for arbitrary remote command execution via shell (T1059).

CVEs Like This One

CVE-2025-49834Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49833Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49835Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49837Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49838Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49841Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49840Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-49839Same product: Rvc-Boss Gpt-Sovits-Webui
CVE-2025-67397Shared CWE-77
CVE-2024-55030Shared CWE-77

Affected Assets

rvc-boss
gpt-sovits-webui
≤ 20250228v3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validating and sanitizing user-supplied path_list inputs to block command injection in the change_label function.

prevent

Requires monitoring, reporting, and remediating flaws like this command injection vulnerability through patching or code fixes.

prevent

Limits the impact of arbitrary command execution by enforcing least privilege on the webui.py process.

References