4 matches found
CVE-2025-43850
creationtimestamp| type| source ---|---|--- 2025-05-05 20:16:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrigju2h 2025-05-05 21:33:05+00:00| published-proof-of-concept| Telegram/4ybX3uzHn196N4ZX40WWFSYjrgaegjcyIGLUDry13ex5SY 2025-05-05 21:44:27+00:00| seen|...
CVE-2025-43850
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43850
The CVE affects Retrieval-based-Voice-Conversion-WebUI (RVC) versions 2.2.231006 and earlier. The root cause is unsafe deserialization: the ckpt_dir input is passed to export.py’s change_info function, which loads a model with torch.load, enabling remote code execution. Public documentation confi...