3 matches found
CVE-2025-43848
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it to...
CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it...
CVE-2025-43848
CVE-2025-43848 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The flaw is unsafe deserialization in process_ckpt.py: ckpt_path0 accepts user input (e.g., a model path) and passes it to torch.load via change_info, enabling remote code execution. At publicati...