AVID-2026-R1700

Description

GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI (CVE-2025-43847)

Details

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to the extract_small_model function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Reason for inclusion in AVID: CVE-2025-43847 describes an unsafe deserialization vulnerability in Retrieval-based-Voice-Conversion-WebUI, where a user-controlled model path is passed to torch.load, enabling remote code execution. This is a software vulnerability in an AI-related component (voice conversion framework) used in ML pipelines, impacting the software supply chain for general-purpose AI systems (dependencies/model-loading code, runtimes). The description and references indicate a security flaw with potential RCE, and there is sufficient evidence to classify as a supply-chain vulnerability in AI software stacks.

References

Affected or Relevant Artifacts

Developer: RVC-Project
Deployer: RVC-Project
Artifact Details:

Type	Name
System	Retrieval-based-Voice-Conversion-WebUI

Impact

AVID Taxonomy Categorization

Risk domains: Security
SEP subcategories: S0100: Software Vulnerability
Lifecycle stages: L06: Deployment

CWE

ID	Description
CWE-502	CWE-502: Deserialization of Untrusted Data

Other information

Report Type: Advisory
Credits:
Date Reported: 2025-05-05
Version: 0.3.3
AVID Entry