CVE-2025-43843
📋 TL;DR
CVE-2025-43843 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-WebUI that allows attackers to execute arbitrary commands on the server. The vulnerability affects versions 2.2.231006 and prior, enabling remote code execution through user-controlled parameters passed to the extract_f0_feature function. Anyone running a vulnerable version of this voice-changing framework is at risk.
💻 Affected Systems
- Retrieval-based-Voice-Conversion-WebUI
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, lateral movement within the network, and complete system takeover.
Likely Case
Attackers gain shell access to the server, install backdoors, steal sensitive data, and use the compromised system for further attacks.
If Mitigated
Limited impact with proper network segmentation and least privilege, potentially only affecting the application service account.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves direct command injection with user-controlled parameters. No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch exists. Monitor the GitHub repository for updates and apply immediately when available.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation for the exp_dir1, np7, and f0method8 parameters so that only expected values are accepted
# Add input validation in infer-web.py before extract_f0_feature function
Command Execution Restriction
Replace os.system and shell-based subprocess calls with safer alternatives that do not allow shell command injection
# Use subprocess.run with explicit args list instead of shell=True
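The two workarounds above, put into working code. This is an added example written here, not code from the project's infer-web.py: the worker script name EXTRACT_SCRIPT, the ALLOWED_F0_METHODS allowlist, the MAX_PROCESSES cap and the experiment-name pattern are assumptions to be adjusted to the real UI, and the argument order of the worker command is illustrative. unsafe_command() shows the string-interpolation pattern that the mitigation replaces and is never executed; build_extract_f0_argv() is the hardened form, an argv list handed to subprocess.run without a shell.

```python
import re
import subprocess
from pathlib import Path

# Hypothetical worker script name; the advisory does not name the real script,
# so this is a placeholder.
EXTRACT_SCRIPT = "extract_f0_worker.py"

# Assumed allowlist of f0 extraction methods offered by the UI; adjust to the
# actual dropdown values. Anything outside the set is rejected outright.
ALLOWED_F0_METHODS = frozenset({"pm", "harvest", "dio", "rmvpe"})

# Assumed upper bound on the worker process count (np7).
MAX_PROCESSES = 64

# Assumed policy for experiment names: one path component made of letters,
# digits, underscore and hyphen, so no separators, spaces or '..'.
_EXP_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_exp_dir(exp_dir1: str, logs_root: Path) -> Path:
    """Return the experiment directory under logs_root, or raise ValueError."""
    if not isinstance(exp_dir1, str) or not _EXP_NAME_RE.fullmatch(exp_dir1):
        raise ValueError(f"invalid experiment name: {exp_dir1!r}")
    root = logs_root.resolve()
    target = (root / exp_dir1).resolve()
    if target.parent != root:  # defence in depth against path traversal
        raise ValueError("experiment directory escapes the logs root")
    return target


def validate_np(np7) -> int:
    """np7 must be a positive integer within the allowed process count."""
    try:
        n = int(str(np7).strip())
    except ValueError:
        raise ValueError(f"np7 is not an integer: {np7!r}") from None
    if not 1 <= n <= MAX_PROCESSES:
        raise ValueError(f"np7 out of range: {n}")
    return n


def validate_f0method(f0method8: str) -> str:
    """f0method8 must be one of the known method names."""
    if f0method8 not in ALLOWED_F0_METHODS:
        raise ValueError(f"unsupported f0 method: {f0method8!r}")
    return f0method8


def unsafe_command(exp_dir1, np7, f0method8) -> str:
    """The vulnerable pattern: user input interpolated into one shell string.
    Returned for comparison only; it is never passed to os.system here."""
    return f"python {EXTRACT_SCRIPT} logs/{exp_dir1} {np7} {f0method8}"


def build_extract_f0_argv(exp_dir1, np7, f0method8,
                          logs_root: Path = Path("logs")) -> list:
    """Validated argv list for subprocess.run with shell=False (the default).
    Each element is exactly one argument, so ';', '|', '$(' and friends are
    passed to the worker as literal text, never interpreted by a shell."""
    exp_dir = validate_exp_dir(exp_dir1, logs_root)
    n = validate_np(np7)
    method = validate_f0method(f0method8)
    return ["python", EXTRACT_SCRIPT, str(exp_dir), str(n), method]


def is_safe_request(exp_dir1, np7, f0method8) -> bool:
    """True if all three parameters pass validation."""
    try:
        build_extract_f0_argv(exp_dir1, np7, f0method8)
    except ValueError:
        return False
    return True


def run_extract_f0(exp_dir1, np7, f0method8, logs_root: Path = Path("logs")):
    """Validate, then launch the worker without a shell."""
    argv = build_extract_f0_argv(exp_dir1, np7, f0method8, logs_root)
    return subprocess.run(argv, check=True, capture_output=True, text=True)


if __name__ == "__main__":
    print(build_extract_f0_argv("myvoice", "4", "harvest"))
    print(is_safe_request("myvoice; id", "4", "harvest"))  # False
```

Both layers matter: the argv list alone stops shell interpretation, while the allowlist and integer checks also keep a malformed experiment name from becoming an arbitrary path and keep np7 from spawning an unbounded number of workers. Apply the validators wherever the three parameters enter, not only in front of extract_f0_feature.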
🧯 If You Can't Patch
- Immediately isolate the vulnerable system from the internet and restrict network access to only necessary services
- Implement strict network segmentation and monitor all traffic to/from the vulnerable system for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check if you're running Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 or earlier by examining the version in the application or checking the source code
Check Version:
Run grep -r 'version' *.py in the application directory, or check the application interface for version information
Verify Fix Applied:
Verify that input validation has been implemented for exp_dir1, np7, and f0method8 parameters and that shell command injection is no longer possible
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Suspicious process creation from the Python application
- Unexpected shell commands containing user input
Network Indicators:
- Unexpected outbound connections from the application server
- Command and control traffic patterns
SIEM Query:
Process creation where parent process contains 'python' AND command line contains suspicious patterns like ';', '|', '&', '`', '$('
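The SIEM query above as runnable detection logic over constructed process-creation records. This is an added example, not part of the advisory: the key=value log format, timestamps, pids and command lines are made up for illustration, and a real source (auditd EXECVE, Sysmon Event ID 1, an eBPF exec tracer) would need its own parser in place of parse_line(). The metacharacter list is the one the query names.

```python
import re

# Shell metacharacters named in the advisory's SIEM query.
METACHARS = (";", "|", "&", "`", "$(")

# Constructed process-creation records in a simple key=value format.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z pid=4101 ppid=4000 parent="python3 infer-web.py" cmd="python extract_f0_worker.py logs/myvoice 4 harvest"
2025-05-01T10:00:07Z pid=4102 ppid=4000 parent="python3 infer-web.py" cmd="/bin/sh -c python extract_f0_worker.py logs/x; id 4 harvest"
2025-05-01T10:00:09Z pid=4103 ppid=3900 parent="bash" cmd="ls -l | wc -l"
2025-05-01T10:00:12Z pid=4104 ppid=4000 parent="python3 infer-web.py" cmd="python extract_f0_worker.py logs/$(whoami) 4 pm"
"""

_LINE_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) '
    r'parent="(?P<parent>[^"]*)" cmd="(?P<cmd>[^"]*)"$'
)


def parse_line(line: str):
    """Return a dict for one record, or None if the line does not match."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["ppid"] = int(rec["ppid"])
    return rec


def metachars_in(cmd: str) -> list:
    """Which of the watched metacharacters appear in the command line."""
    return [tok for tok in METACHARS if tok in cmd]


def find_injection_candidates(log_text: str) -> list:
    """Records whose parent is a python process and whose command line
    contains at least one shell metacharacter; each hit carries the
    markers that matched so an analyst can see why it fired."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "python" not in rec["parent"].lower():
            continue
        markers = metachars_in(rec["cmd"])
        if markers:
            rec["markers"] = markers
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_injection_candidates(SAMPLE_LOG):
        print(hit["ts"], hit["pid"], hit["markers"], hit["cmd"])
```

Expect some noise: any legitimate pipeline the application spawns through a shell will also carry a '|' or '&', so baseline the commands the WebUI normally launches and alert on the remainder. A child process of the python service that is itself /bin/sh -c is worth flagging on its own, since the hardened code path in the workaround never invokes a shell.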
🔗 References
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L1276-L1289
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L265-L274
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L276-L278
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L307-L309
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L330-L332
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer-web.py#L373-L375
- https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/