CVE-2025-43849
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running Retrieval-based-Voice-Conversion-WebUI by exploiting unsafe deserialization in the model loading process. Attackers can achieve remote code execution by providing malicious model files or paths. Users of versions 2.2.231006 and earlier are affected.
💻 Affected Systems
- Retrieval-based-Voice-Conversion-WebUI
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the server, allowing data theft, lateral movement, and persistent backdoor installation.
Likely Case
Remote code execution leading to service disruption, cryptocurrency mining, or data exfiltration from the vulnerable system.
If Mitigated
Limited impact if system is isolated with minimal privileges, though RCE could still affect the application's data and functionality.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves passing malicious input to torch.load() without proper validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/
Restart Required: Yes
Instructions:
No official patch exists. Monitor the GitHub repository for updates and apply when available.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict validation of user-provided model paths to prevent directory traversal and ensure only trusted model files are loaded.
Network Isolation
Restrict network access to the application to trusted users only using firewall rules.
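One way to implement the "Input Validation and Sanitization" workaround is to gate every model load behind a path and hash check. This is an added example, not code from the RVC project or the advisory; the `.pth` suffix, the `weights` directory name, the function names and the SHA-256 allowlist are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".pth"}  # assumption: checkpoints are stored as .pth files


class UntrustedModelError(ValueError):
    """The requested model failed a validation step and must not be loaded."""


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def validate_model_path(user_value: str, models_dir: Path, trusted: set) -> Path:
    root = models_dir.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks; an absolute user_value
    # replaces root entirely, which the containment check below rejects.
    candidate = (root / user_value).resolve()
    if root not in candidate.parents:
        raise UntrustedModelError("path escapes the models directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise UntrustedModelError("unexpected file extension")
    if not candidate.is_file():
        raise UntrustedModelError("no such model file")
    if sha256_file(candidate) not in trusted:
        raise UntrustedModelError("file hash is not on the allowlist")
    return candidate  # only now hand the path to the model loader


def demo() -> dict:
    """Run the check over constructed sample inputs in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        models = Path(tmp) / "weights"
        models.mkdir()
        (models / "voice.pth").write_bytes(b"constructed reviewed checkpoint")
        (models / "dropped.pth").write_bytes(b"constructed unreviewed upload")
        (Path(tmp) / "outside.pth").write_bytes(b"constructed file outside root")
        trusted = {sha256_file(models / "voice.pth")}
        for value in ("voice.pth", "dropped.pth", "../outside.pth", "/outside.pth", "voice.txt"):
            try:
                validate_model_path(value, models, trusted)
                results[value] = "accepted"
            except UntrustedModelError as exc:
                results[value] = str(exc)
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r}: {outcome}")
```

The containment and extension checks only narrow where a file may come from; the hash allowlist is what decides whether a file is trusted, so a file written into the models directory by an upload is still rejected until someone reviews it and adds its hash.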
🧯 If You Can't Patch
- Disable the vulnerable merge functionality entirely if not required.
- Run the application in a sandboxed environment with minimal privileges and no network access.
🔍 How to Verify
Check if Vulnerable:
Check if using Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 or earlier by examining the version in the application or configuration files.
Check Version:
Check the version in the application's source code or configuration files (no standard command).
Verify Fix Applied:
Verify that the application version is later than 2.2.231006 once a patch is released.
📡 Detection & Monitoring
Log Indicators:
- Unusual model file paths in application logs
- Errors from torch.load() with suspicious inputs
- Unexpected process execution from the application
Network Indicators:
- Unexpected outbound connections from the application server
- Suspicious file uploads to model endpoints
SIEM Query:
Search for process execution events from the RVC-WebUI application or related Python processes with unusual command-line arguments.
🔗 References
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer/lib/train/process_ckpt.py#L196
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1357
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1358
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1398
- https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/