AVID-2026-R1703

Description

GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI (CVE-2025-43851)

Details

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function in vr.py. In uvr , a new instance of AudioPre class is created with the model_path attribute containing the aformentioned user input. In the AudioPre class, the user input, is used to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Reason for inclusion in AVID: CVE-2025-43851 describes an unsafe deserialization vulnerability in Retrieval-based-Voice-Conversion-WebUI, an AI framework used for voice conversion. User-controlled input leads to loading models via torch.load, enabling remote code execution. This is a software vulnerability in an AI framework/component used to build/deploy AI models, not hardware-only. It directly affects AI pipelines and software stacks, with CVE details and references provided.

References

Affected or Relevant Artifacts

Developer: RVC-Project
Deployer: RVC-Project
Artifact Details:

Type	Name
System	Retrieval-based-Voice-Conversion-WebUI

Impact

AVID Taxonomy Categorization

Risk domains: Security
SEP subcategories: S0100: Software Vulnerability
Lifecycle stages: L06: Deployment

CWE

ID	Description
CWE-502	CWE-502: Deserialization of Untrusted Data

Other information

Report Type: Advisory
Credits:
Date Reported: 2025-05-05
Version: 0.3.3
AVID Entry