5 matches found
CVE-2025-43852
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , if modelname contains t...
CVE-2025-43852
creationtimestamp| type| source ---|---|--- 2025-05-05 20:16:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qr6frp2h 2025-05-05 21:44:20+00:00| seen| https://t.me/cvedetector/24483 2025-05-06 03:23:35+00:00| published-proof-of-concept|...
CVE-2025-43852
CVE-2025-43852 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project). The vulnerable component is the code path in VR where the model path input is assigned to the AudioPreDeEcho class via the model_name check for the string "DeEcho"; within AudioPreDeEcho, user input is passed to torch.lo...
CVE-2025-43852 GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , if modelname contains t...
CVE-2025-43852 GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , if modelname contains t...