CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...

CVE-2025-49835 GHSL-2025-047: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables takes user input, which is passed to the openasr function, which concatenates the...

CVE-2025-49835

GPT-SoVITS-WebUI contains a command-injection vulnerability in the open_asr (webui.py) function. In versions 20250228v3 and prior, user-controlled input is incorporated into a shell command, which is then executed on the server, enabling arbitrary command execution. Multiple connected sources cor...

CVE-2025-49834 GHSL-2025-046: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py opendenoise function. denoiseinpdir and denoiseoptdir take user input, which is passed to the opendenoise function, which concatenates the user...

CVE-2025-49834 GHSL-2025-046: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py opendenoise function. denoiseinpdir and denoiseoptdir take user input, which is passed to the opendenoise function, which concatenates the user...

CVE-2025-49834

GPT-SoVITS-WebUI suffers a command injection in the open_denoise function (webui.py) where denoise_inp_dir and denoise_opt_dir take user input that is concatenated into a server-executed command. Affected versions: 20250228v3 and prior. Consequence: arbitrary command execution on the server. At p...

CVE-2025-49834 GHSL-2025-046: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py opendenoise function. denoiseinpdir and denoiseoptdir take user input, which is passed to the opendenoise function, which concatenates the user...

CVE-2025-49833 GHSL-2025-045: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...

CVE-2025-49833 GHSL-2025-045: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...

CVE-2025-49833 GHSL-2025-045: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...

CVE-2025-49833

GPT-SoVITS-WebUI, a voice conversion and TTS web UI, contains a command injection in the webui.py open_slice function. In versions 20250228v3 and earlier, slice_opt_root and slice-inp-path take user input that is concatenated into a command and executed on the server, enabling arbitrary command e...

PT-2025-29678 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions prior to 20250228v3 Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the change label function within the webui.py file. The path list variable takes...

PT-2025-29679 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPre module. The model choose variable accepts...

GPT-SoVITS-WebUI 代码问题漏洞

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from unsafe deserialization handling of the AudioPre class when receiving user-submitted serialized data, and can be exploited by an attacker to execute arbitrary commands on the system...

GPT-SoVITS-WebUI 命令注入漏洞

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI changelabel function that can be exploited by an attacker to execute arbitrary commands on the system...

PT-2025-29683 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists in process ckpt.py due to unsafe deserialization. The SoVITS dropdown variable accepts user input, whic...

PT-2025-29681 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A deserialization issue exists in the bsroformer.py file. The model choose variable accepts user-supplied input, such...

PT-2025-29682 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. An unsafe deserialization issue exists in the inference webui.py file. The application takes user input via the gpt...

PT-2025-29675 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the webui.py open slice function. User-supplied input to slice opt root and...

PT-2025-29680 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPreDeEcho component. The model choose variable accepts...