CVE-2025-43844

9.8 CRITICAL

📋 TL;DR

CVE-2025-43844 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-WebUI that allows attackers to execute arbitrary commands on the server. The vulnerability affects versions 2.2.231006 and prior, enabling remote code execution through user-controlled variables like exp_dir1. Anyone running vulnerable versions of this voice changing framework is at risk.

💻 Affected Systems

Products:
  • Retrieval-based-Voice-Conversion-WebUI
Versions: 2.2.231006 and prior
Operating Systems: Any OS running Python
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration as user input is not properly sanitized before being passed to system commands.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement in the network.

🟠 Likely Case

Attacker gains shell access to the server, potentially installing backdoors, stealing sensitive data, or using the server for cryptocurrency mining.

🟢 If Mitigated

Limited impact due to proper input validation, sandboxing, or network segmentation preventing command execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit as it involves direct command injection without authentication requirements.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/

Restart Required: Yes

Instructions:

1. Monitor the official GitHub repository for patches.
2. When a patch is released, update to the fixed version.
3. Restart the application service.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Implement strict input validation for all user-controlled variables passed to the click_train function.

# Modify infer-web.py to sanitize inputs before command construction
# Example: import shlex and use shlex.quote() on user inputs
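As an added illustration of that workaround (not code from the Retrieval-based-Voice-Conversion-WebUI project), the following validates exp_dir1 against an allowlist and builds the training command as an argv list so no shell ever interprets it; the script name and option flags are assumptions, not the project's real invocation.

```python
# Added example: hardened handling of user-controlled fields such as exp_dir1.
# Assumption: the original code interpolates these values into a shell string.
# The training entry point and its flags below are hypothetical.
import re
import shlex
import subprocess

# An experiment name is a plain identifier: letters, digits, '_', '-', '.'.
# Shell metacharacters, whitespace and path separators never match.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def is_safe_exp_dir(exp_dir1: str) -> bool:
    """True only for identifier-like names; '..' is rejected to block traversal."""
    return bool(_SAFE_NAME.fullmatch(exp_dir1)) and ".." not in exp_dir1


def validate_exp_dir(exp_dir1: str) -> str:
    """Return exp_dir1 unchanged if it is safe, otherwise raise ValueError."""
    if not is_safe_exp_dir(exp_dir1):
        raise ValueError("invalid experiment name")
    return exp_dir1


def build_train_argv(exp_dir1: str, sample_rate: int, epochs: int) -> list:
    """Build the training command as an argv list.

    With a list and shell=False each element is exactly one argument, so
    characters such as ; & | $ inside exp_dir1 are never interpreted.
    """
    name = validate_exp_dir(exp_dir1)
    return [
        "python", "train.py",          # hypothetical training entry point
        "-e", name,
        "-sr", str(int(sample_rate)),  # numeric fields are coerced, not trusted
        "-te", str(int(epochs)),
    ]


def build_train_shell_line(exp_dir1: str, sample_rate: int, epochs: int) -> str:
    """Only if a shell string is unavoidable: quote every argument with shlex.quote."""
    argv = build_train_argv(exp_dir1, sample_rate, epochs)
    return " ".join(shlex.quote(arg) for arg in argv)


def run_train(exp_dir1: str, sample_rate: int, epochs: int) -> int:
    """Launch training without a shell and return its exit code."""
    argv = build_train_argv(exp_dir1, sample_rate, epochs)
    return subprocess.run(argv, shell=False, check=False).returncode
```

Rejecting the input up front (rather than only quoting it) also keeps the experiment name usable as a directory component, which is how the project treats exp_dir1.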

Network Isolation

Platform: linux

Place the application behind a firewall with strict inbound/outbound rules.

# Example iptables rules to restrict access; replace the bracketed placeholders.
# The ACCEPT rule must be appended before the DROP rule so trusted sources match first.
iptables -A INPUT -p tcp --dport [APP_PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [APP_PORT] -j DROP

🧯 If You Can't Patch

  • Immediately remove the application from internet-facing networks
  • Implement strict network segmentation and monitor for suspicious command execution

🔍 How to Verify

Check if Vulnerable:

Check the application version and compare against affected versions (2.2.231006 and earlier)

Check Version:

Check the version in the application interface or configuration files

Verify Fix Applied:

Test that user input containing shell metacharacters (; & | $) no longer executes commands

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Suspicious process creation from the application
  • Unexpected network connections from the application

Network Indicators:

  • Outbound connections to suspicious IPs/domains
  • Unexpected port scanning from the application server

SIEM Query:

source="application_logs" AND (process_execution="*sh*" OR cmd="*;*" OR cmd="*&*" OR cmd="*|*")
