CVE-2025-49834 in GPT-SoVITS

Summary

by MITRE • 07/16/2025

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.


Analysis

by VulDB Data Team • 07/31/2025

The vulnerability identified as CVE-2025-49834 affects GPT-SoVITS-WebUI, a web-based interface for voice conversion and text-to-speech functionality. This application serves as a sophisticated tool for audio processing and synthesis, making it a potentially attractive target for attackers seeking to compromise systems running this software. The vulnerability exists within the webui.py file in the open_denoise function, which processes audio denoising operations. The affected versions include all releases up to and including 20250228v3, indicating a significant attack surface where this flaw could be exploited across multiple deployments of the software.

The technical flaw manifests as a command injection vulnerability classified under CWE-77, which occurs when user-supplied data is directly incorporated into system commands without proper sanitization or validation. Specifically, the parameters denoise_inp_dir and denoise_opt_dir accept user input that flows directly into the open_denoise function. When these parameters contain malicious input, the function concatenates them into a shell command string and executes this command on the server hosting the web application. This represents a critical security weakness where an attacker can inject arbitrary commands that will be executed with the privileges of the web server process, potentially leading to complete system compromise.

The operational impact of this vulnerability is severe and far-reaching within the context of web application security. An attacker exploiting this command injection flaw can execute arbitrary code on the target system, potentially leading to data exfiltration, system reconnaissance, privilege escalation, or even complete system takeover. The vulnerability enables attackers to perform actions such as reading sensitive files, establishing reverse shells, installing backdoors, or modifying application behavior. Given that this vulnerability affects a voice processing application, the attacker could potentially access audio files, user data, or system configurations that might contain sensitive information. The lack of patched versions at publication time compounds the risk, leaving affected systems exposed without immediate remediation options.

Security practitioners should consider this vulnerability in the context of the MITRE ATT&CK framework, specifically mapping it to techniques such as T1059.001 for command and scripting interpreter and T1021.004 for remote services. The attack surface extends to any environment where the vulnerable GPT-SoVITS-WebUI is deployed, particularly in enterprise environments where voice processing systems might be used for sensitive communications. Organizations should immediately implement network-based mitigations including firewall rules to restrict access to the web application, disable unnecessary features, and monitor for suspicious command execution patterns. Additionally, the vulnerability highlights the importance of input validation and the principle of least privilege in web application development, emphasizing that all user inputs should be properly sanitized and validated before being used in system commands. The absence of patched versions at publication time necessitates immediate defensive measures including temporary workarounds such as disabling the affected functionality or implementing strict input filtering mechanisms at the application level.
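To make the CWE-77 pattern described above and the input-validation mitigation concrete, here is an added Python illustration (not code from GPT-SoVITS-WebUI): a string-concatenation command builder of the kind the advisory describes, beside a hardened replacement that validates `denoise_inp_dir` and `denoise_opt_dir` against a sandbox root and hands the tool an argv list so no shell ever parses user text. The tool name `denoise.py`, its `-i`/`-o` flags and the base directory are assumptions for the example.

```python
# Added example: unsafe concatenation pattern vs. hardened path validation + argv.
import re
import shlex
from pathlib import Path
from typing import List

# Hypothetical values; the real tool path, flags and work directory are not on this page.
DENOISE_TOOL = "denoise.py"
ALLOWED_BASE = Path("/srv/gpt-sovits/workdir")  # constructed sandbox root


def unsafe_denoise_command(denoise_inp_dir: str, denoise_opt_dir: str) -> str:
    """The CWE-77 shape: user-controlled text joined into one string that a
    shell then parses (e.g. via os.system or subprocess with shell=True)."""
    return f"python {DENOISE_TOOL} -i {denoise_inp_dir} -o {denoise_opt_dir}"


# Only plain directory names: no separators, spaces, or shell metacharacters.
_SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9._-]+$")


def validate_dir(user_value: str, base: Path = ALLOWED_BASE) -> Path:
    """Accept a single directory name and pin it directly under the sandbox root."""
    if not user_value or not _SAFE_SEGMENT.match(user_value):
        raise ValueError(f"rejected directory name: {user_value!r}")
    base_resolved = base.resolve()
    candidate = (base_resolved / user_value).resolve()
    # '.', '..' and anything else that does not land exactly one level below base
    if candidate.parent != base_resolved:
        raise ValueError(f"path escapes allowed base: {user_value!r}")
    return candidate


def safe_denoise_argv(denoise_inp_dir: str, denoise_opt_dir: str) -> List[str]:
    """Build an argv list for subprocess.run(argv) with shell=False (the default);
    each user value becomes exactly one argument and is never shell-interpreted."""
    inp = validate_dir(denoise_inp_dir)
    out = validate_dir(denoise_opt_dir)
    return ["python", DENOISE_TOOL, "-i", str(inp), "-o", str(out)]


def shell_quoted_denoise_command(denoise_inp_dir: str, denoise_opt_dir: str) -> str:
    """Fallback when a shell string is unavoidable: quote every user value so
    metacharacters are passed literally instead of being executed."""
    return (f"python {DENOISE_TOOL} -i {shlex.quote(denoise_inp_dir)}"
            f" -o {shlex.quote(denoise_opt_dir)}")
```

Pair `safe_denoise_argv` with running the worker as a low-privilege account and alerting on unexpected child processes of the web UI; the argv list removes the injection primitive, the validation removes traversal outside the work directory.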

Responsible

GitHub M

Reservation

06/11/2025

Disclosure

07/16/2025

Moderation

accepted

CPE

ready

EPSS

0.03300

KEV

no

Activities

very low

Sources
