CVE-2025-43846

9.8 CRITICAL

📋 TL;DR

CVE-2025-43846 is a critical unsafe deserialization vulnerability in Retrieval-based-Voice-Conversion-WebUI that allows remote code execution. Attackers can exploit this by providing malicious model files that execute arbitrary code when loaded via torch.load. All users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Retrieval-based-Voice-Conversion-WebUI
Versions: 2.2.231006 and prior
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using the vulnerable infer-web.py and process_ckpt.py files is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the server, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to service disruption, data exfiltration, and cryptocurrency mining malware deployment.

🟢 If Mitigated

Limited impact with proper network segmentation and strict input validation preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No public exploit available yet, but the vulnerability is straightforward to exploit given the CVSS score and attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/

Restart Required: Yes

Instructions:

No official patch exists. Monitor the GitHub repository for updates and apply immediately when available.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict validation of the ckpt_path1 input so that only known safe model files can be loaded.

# Modify process_ckpt.py to validate file paths before torch.load
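
One way to implement this check before the file ever reaches torch.load, as an added example (not the project's code and not from the vendor advisory). It goes one step beyond path validation by also listing the globals the checkpoint's pickle would import, without unpickling it. MODEL_DIR, ALLOWED_GLOBALS and the function names are assumptions, as is the zip-format checkpoint layout.

```python
import os, pickletools, zipfile

# Assumptions for this example (not from the advisory): the model directory
# and the exact globals a plain weights checkpoint is expected to reference.
MODEL_DIR = "/srv/rvc/assets/weights"
ALLOWED_GLOBALS = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
                   "torch.FloatStorage", "torch.HalfStorage"}

def resolve_checkpoint(user_path, base_dir=MODEL_DIR):
    """Map a user-supplied ckpt_path1 onto a .pth file inside base_dir, or raise."""
    base = os.path.realpath(base_dir)
    real = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, real]) != base or not real.endswith(".pth"):
        raise ValueError(f"checkpoint path rejected: {user_path!r}")
    return real

def pickle_imports(data):
    """Names a pickle stream would import, read from its opcodes without unpickling."""
    imports, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        top = recent[-1] if recent else None
        if op.name == "MEMOIZE":
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            recent.append(memo.get(arg))
        elif op.name in ("GLOBAL", "INST"):      # arg is "module name"
            imports.append(arg.replace(" ", ".", 1))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":          # module and name were pushed as strings
            mod, name = ([None, None] + recent)[-2:]
            ok = isinstance(mod, str) and isinstance(name, str)
            imports.append(f"{mod}.{name}" if ok else "<unresolved>")  # fail closed
            recent.append(None)
        elif op.name != "FRAME":
            recent.append(arg if isinstance(arg, str) else None)
    return imports

def inspect_checkpoint(path):
    """Return findings outside ALLOWED_GLOBALS; an empty list means none were found."""
    if not zipfile.is_zipfile(path):
        return ["<not a zip-format checkpoint>"]   # raw/legacy pickles are rejected
    with zipfile.ZipFile(path) as zf:
        pkls = [n for n in zf.namelist() if n.endswith(".pkl")]
        found = [g for n in pkls for g in pickle_imports(zf.read(n))]
    if not pkls:
        return ["<no pickle member>"]
    return [g for g in found if g not in ALLOWED_GLOBALS]
```

Load a file only when resolve_checkpoint succeeds and inspect_checkpoint returns an empty list. Where the installed PyTorch supports it, torch.load(path, weights_only=True) restricts the unpickler itself and is the stronger control.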

Network Isolation

all

Run the service in a restricted network environment with no internet access

# Use firewall rules to block all inbound/outbound except required ports

🧯 If You Can't Patch

  • Disable the vulnerable feature or component entirely
  • Implement strict network access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check whether you are running Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 or earlier.

Check Version:

Check the version in the application files or configuration.

Verify Fix Applied:

Verify that the vulnerable code in process_ckpt.py has been updated to validate input before calling torch.load.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file paths in model loading operations
  • Unexpected process execution from the voice conversion service

Network Indicators:

  • Outbound connections to suspicious IPs from the service
  • Unexpected data exfiltration patterns

SIEM Query:

process_name:"python" AND (process_args:"torch.load" OR process_args:"process_ckpt.py") AND file_path:contains(".pth")
