5 matches found
CVE-2025-43849
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them to...
CVE-2025-43849
creationtimestamp| type| source ---|---|--- 2025-05-05 20:16:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrf5gq2n 2025-05-05 21:33:05+00:00| published-proof-of-concept| Telegram/4ybX3uzHn196N4ZX40WWFSYjrgaegjcyIGLUDry13ex5SY 2025-05-05 21:44:33+00:00| seen|...
CVE-2025-43849
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them...
CVE-2025-43849
CVE-2025-43849 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project). Versions up to 2.2.231006 are vulnerable due to unsafe deserialization in process_ckpt.py: the ckpt_a and cpkt_b inputs are passed to the merge function, which uses torch.load on user-provided paths, enabling remote code...
CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them...