AVID-2026-R1699

Description

GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI (CVE-2025-43846)

Details

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path1 variable takes user input (e.g. a path to a model) and passes it to the show_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Reason for inclusion in AVID: The CVE describes an unsafe deserialization vulnerability in a software component used in AI voice conversion pipelines (Retrieval-based-Voice-Conversion-WebUI). This vulnerability enables remote code execution via user-controlled model loading, aligning with AI/ML system software, affects components used to build/deploy AI systems, is a security vulnerability, and the report provides explicit evidence of the vulnerability and impact.

References

• NVD entry
• https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/
• https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer/lib/train/process_ckpt.py#L53
• https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1439
• https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1444

Affected or Relevant Artifacts

• Developer: RVC-Project
• Deployer: RVC-Project
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-05-05
• Version: 0.3.3
• AVID Entry