CVE-2025-49836
📋 TL;DR
This CVE describes a command injection vulnerability in GPT-SoVITS-WebUI that allows attackers to execute arbitrary commands on the server by manipulating the path_list parameter. The vulnerability affects all deployments running versions 20250228v3 and earlier of the voice conversion software. Attackers can achieve remote code execution with high privileges.
💻 Affected Systems
- GPT-SoVITS-WebUI
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing installation of malware, data exfiltration, lateral movement to other systems, and persistent backdoor establishment.
Likely Case
Server takeover leading to data theft, cryptocurrency mining, or use as part of a botnet for DDoS attacks.
If Mitigated
Limited impact if proper network segmentation, least privilege, and input validation are implemented.
🎯 Exploit Status
The vulnerability is trivial to exploit with basic command injection techniques, and a public proof-of-concept exists in the linked GitHub Security Lab advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2025-045_GHSL-2025-048_RVC-Boss_GPT-SoVITS/
Restart Required: Yes
Instructions:
1. Monitor the official GitHub repository for patches.
2. When available, update to the patched version.
3. Restart the application service.
🔧 Temporary Workarounds
Input Validation and Sanitization
Platform: all
Add input validation to the change_label function to reject malicious path inputs.
# Modify webui.py to validate the path_list parameter
# Add input sanitization before lines 272 and 955
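The workaround above names the check but not its shape. The following is an added example, not code from GPT-SoVITS-WebUI: it validates a user-supplied path_list value against a configured root directory and then hands the result to a subprocess as one argv element, so no shell ever parses it. ALLOWED_ROOT, the label_tool.py script name and the --list flag are assumptions used for illustration only.

```python
# Added example: allowlist validation for the user-controlled path_list value.
# Not GPT-SoVITS code; ALLOWED_ROOT, label_tool.py and --list are assumptions.
import subprocess
from pathlib import Path

# Assumption: all label files live under one configured root directory.
ALLOWED_ROOT = Path("/srv/gpt-sovits/data")

# Characters that never belong in a path that is later handed to a process.
FORBIDDEN_CHARS = set(";&|`$<>(){}\"'\n\r\x00")


class InvalidPathError(ValueError):
    """Raised when a path_list value fails validation."""


def validate_path_list(path_list: str, allowed_root: Path = ALLOWED_ROOT) -> Path:
    """Return an absolute Path inside allowed_root, or raise InvalidPathError.

    Three independent checks: type/emptiness, forbidden characters, and
    containment after resolving '..' and symlinks.
    """
    if not isinstance(path_list, str) or not path_list.strip():
        raise InvalidPathError("path_list must be a non-empty string")
    if any(ch in FORBIDDEN_CHARS for ch in path_list):
        raise InvalidPathError("path_list contains forbidden characters")
    root = allowed_root.resolve()
    # A relative value is joined to the root; an absolute value replaces it,
    # which is why the containment check below is the one that matters.
    candidate = (root / path_list).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise InvalidPathError("path_list escapes the allowed root") from None
    return candidate


def is_safe_path_list(path_list: str) -> bool:
    """Boolean convenience wrapper around validate_path_list."""
    try:
        validate_path_list(path_list)
        return True
    except InvalidPathError:
        return False


def build_command(path_list: str) -> list:
    """Build the argv list that would launch the (hypothetical) label tool.

    The validated path is a single argv element: no shell parses it, so even
    a metacharacter that slipped past FORBIDDEN_CHARS cannot split the command.
    """
    safe_path = validate_path_list(path_list)
    return ["python", "label_tool.py", "--list", str(safe_path)]  # hypothetical tool and flag


def run_label_tool(path_list: str) -> subprocess.CompletedProcess:
    """Launch the tool with shell=False (the default); argv is passed as a list."""
    return subprocess.run(build_command(path_list), check=False)
```

The structural fix is the argv list with shell=False; the character blocklist and the containment check are defence in depth, and the containment check is what stops `..` and absolute paths from pointing the tool at files outside the configured root.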
Disable WebUI Access
Platform: linux
Temporarily disable the web interface and use alternative access methods.
# Stop the webui service
systemctl stop gpt-sovits-webui
# Or kill the process
pkill -f webui.py
🧯 If You Can't Patch
- Implement strict network access controls to limit webUI access to trusted IPs only
- Run the application in a container with minimal privileges and no network access to other systems
🔍 How to Verify
Check if Vulnerable:
Check if webui.py contains the vulnerable change_label function with unsanitized path_list parameter usage
Check Version:
Check the version in the application interface or examine the source code for version markers
Verify Fix Applied:
Verify that path_list input is properly validated and sanitized before being used in system commands
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful command execution
- Suspicious process creation from the webui.py process
Network Indicators:
- Unusual outbound connections from the webUI server
- Traffic to known malicious IPs or domains
SIEM Query:
process.name: "python" AND process.args: "webui.py" AND process.args: ("sh" OR "bash" OR "cmd" OR "powershell")
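The SIEM query above keys on the python process's own arguments. Most endpoint telemetry records a shell launched by webui.py as a separate child event, which is the process-creation indicator listed under Log Indicators. The following added example (not from the project or the advisory) evaluates that parent/child form over constructed JSON process-creation events; the event field names and the sample lines are assumptions made for this illustration.

```python
# Added example: evaluate the "shell spawned from webui.py" indicator over
# process-creation events. Not GPT-SoVITS code; the JSON event shape and the
# sample lines below are constructed for this illustration.
import json
import os
from dataclasses import dataclass
from typing import Dict, List

# Shell binaries named in the page's SIEM query, plus a few common variants.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "cmd", "cmd.exe",
               "powershell", "powershell.exe", "pwsh"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    name: str
    args: List[str]


def parse_events(log_text: str) -> List[ProcEvent]:
    """Parse one JSON process-creation event per line (constructed format)."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        events.append(ProcEvent(
            pid=int(rec["pid"]),
            ppid=int(rec["ppid"]),
            name=os.path.basename(rec["process.name"]),
            args=list(rec["process.args"]),
        ))
    return events


def is_webui_process(ev: ProcEvent) -> bool:
    """True for a python process whose argv names webui.py."""
    return ev.name.startswith("python") and any(
        os.path.basename(a) == "webui.py" for a in ev.args)


def shell_children_of_webui(events: List[ProcEvent]) -> List[ProcEvent]:
    """Return shell processes whose parent is a webui.py python process."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if ev.name not in SHELL_NAMES:
            continue
        parent = by_pid.get(ev.ppid)
        if parent is not None and is_webui_process(parent):
            hits.append(ev)
    return hits


# Constructed sample: four events, one of which is a shell under webui.py.
SAMPLE_LOG = """
{"pid": 100, "ppid": 1,   "process.name": "/usr/bin/python", "process.args": ["python", "webui.py"]}
{"pid": 101, "ppid": 100, "process.name": "/bin/sh",         "process.args": ["sh", "-c", "ls /tmp"]}
{"pid": 200, "ppid": 1,   "process.name": "/usr/bin/python", "process.args": ["python", "train.py"]}
{"pid": 201, "ppid": 200, "process.name": "/bin/bash",       "process.args": ["bash", "run_eval.sh"]}
"""


def summarize(log_text: str) -> List[str]:
    """One alert string per hit, suitable for a SIEM or ticket."""
    hits = shell_children_of_webui(parse_events(log_text))
    return [f"pid={h.pid} ppid={h.ppid} shell={h.name} argv={' '.join(h.args)}"
            for h in hits]


if __name__ == "__main__":
    for alert in summarize(SAMPLE_LOG):
        print(alert)
```

Baseline the shells that webui.py launches during normal operation before alerting on every hit; the value of this rule is in the argv of the unexpected child, which the alert string carries so an analyst can triage it without pulling the raw event.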
🔗 References
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L272
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L275
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L955
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/webui.py#L960
- https://securitylab.github.com/advisories/GHSL-2025-045_GHSL-2025-048_RVC-Boss_GPT-SoVITS/