CVE-2025-43851
📋 TL;DR
This vulnerability allows remote code execution through unsafe deserialization in Retrieval-based-Voice-Conversion-WebUI. Attackers can exploit the model_choose parameter to execute arbitrary code on affected systems. Users running versions 2.2.231006 or earlier are vulnerable.
💻 Affected Systems
- Retrieval-based-Voice-Conversion-WebUI
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attackers to execute arbitrary commands, install malware, steal data, or pivot to other systems.
Likely Case
Remote code execution leading to data theft, cryptocurrency mining, or ransomware deployment.
If Mitigated
Limited impact with proper network segmentation and minimal privileges, potentially only affecting the application service.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves passing malicious input to torch.load() without proper validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/
Restart Required: Yes
Instructions:
No official patch exists. Monitor the GitHub repository for updates and apply when available. Consider workarounds or discontinuing use until patched.
🔧 Temporary Workarounds
Input Validation and Sanitization
(all platforms) Implement strict validation on the model_choose parameter so that only safe, predefined paths are accepted
# Modify the code to validate model paths before passing them to torch.load()
# Example: if not os.path.realpath(model_path).startswith('/safe/path/'): raise ValueError('Invalid model path')
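One way to implement this validation in Python, as an added example that is not code from the project or the advisory. A prefix test on the raw string still accepts values such as /safe/path/../other, so the path is resolved before the containment check. Assumptions: the models directory layout, the .pth suffix, the names resolve_model_path, ModelPathError and load_checkpoint, and a PyTorch release whose torch.load() supports weights_only=True with checkpoints that load under it.

```python
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".pth"}  # assumption: checkpoints use this extension

class ModelPathError(ValueError):
    """Raised when a model_choose value is rejected."""

def resolve_model_path(model_choose: str, models_dir: str) -> Path:
    """Map a user-supplied model_choose value to a real file inside models_dir."""
    bad = ("\x00", "://")  # NUL bytes and URL schemes are never valid here
    if not model_choose or any(tok in model_choose for tok in bad):
        raise ModelPathError("empty, malformed, or URL-style model name")
    base = Path(models_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the containment check
    candidate = (base / model_choose).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ModelPathError("path escapes the models directory") from None
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ModelPathError("unexpected file extension")
    if not candidate.is_file():
        raise ModelPathError("no such model file")
    return candidate

def load_checkpoint(path: Path):
    """Load with the restricted unpickler (assumes weights_only is supported)."""
    import torch  # imported lazily so the validator works without PyTorch
    return torch.load(path, map_location="cpu", weights_only=True)

def demo() -> dict:
    """Run the validator over constructed inputs and report accept/reject."""
    with tempfile.TemporaryDirectory() as tmp:
        models = Path(tmp) / "weights"
        models.mkdir()
        (models / "voice.pth").write_bytes(b"constructed sample")
        (Path(tmp) / "outside.pth").write_bytes(b"constructed sample")
        results = {}
        for value in ["voice.pth", "../outside.pth", "http://example.invalid/m.pth"]:
            try:
                resolve_model_path(value, str(models))
                results[value] = "accepted"
            except ModelPathError as exc:
                results[value] = f"rejected: {exc}"
        return results

if __name__ == "__main__":
    print(demo())
```

Path validation only constrains which file is opened; the weights_only load is what limits what a file already inside the allowed directory can do when it is deserialized.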
Network Isolation
(Linux) Run the application in isolated network segments with no internet access
# Use firewall rules to restrict network access
# Example: iptables -A OUTPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Disable or remove the vulnerable application until a patch is available
- Implement strict network access controls and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the version in the application or its configuration files. If the version is 2.2.231006 or earlier, the system is vulnerable.
Check Version:
Check the application's version file or configuration, or run: python -c "import sys; sys.path.insert(0, '/path/to/app'); import version; print(version.__version__)"
Verify Fix Applied:
Verify that the model_choose parameter is properly validated and cannot accept arbitrary user input.
📡 Detection & Monitoring
Log Indicators:
- Unusual model path requests
- Errors from torch.load() with suspicious paths
- Unexpected process execution
Network Indicators:
- Outbound connections from the application to unexpected destinations
- Download attempts from unusual sources
SIEM Query:
source="application_logs" AND (model_path CONTAINS "http://" OR model_path CONTAINS "ftp://" OR model_path CONTAINS "..")
🔗 References
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer/modules/onnx/export.py#L7
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1073
- https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1098
- https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/