Lucene search
K

4 matches found

Circl
Circl
added 2025/05/05 8:16 p.m.25 views

CVE-2025-43850

creationtimestamp| type| source ---|---|--- 2025-05-05 20:16:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrigju2h 2025-05-05 21:33:05+00:00| published-proof-of-concept| Telegram/4ybX3uzHn196N4ZX40WWFSYjrgaegjcyIGLUDry13ex5SY 2025-05-05 21:44:27+00:00| seen|...

9.8CVSS4.8AI score0.00762EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 7:15 p.m.14 views

CVE-2025-43850

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...

9.8CVSS0.00762EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/05 6:20 p.m.17 views

CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...

9.3CVSS0.00762EPSS
Exploits0References4
CVE
CVE
added 2025/05/05 6:20 p.m.55 views

CVE-2025-43850

The CVE affects Retrieval-based-Voice-Conversion-WebUI (RVC) versions 2.2.231006 and earlier. The root cause is unsafe deserialization: the ckpt_dir input is passed to export.py’s change_info function, which loads a model with torch.load, enabling remote code execution. Public documentation confi...

9.8CVSS7.4AI score0.00762EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder