CVE-2025-49833 – GPT-SoVITS-WebUI Command Injection Vulnerability

July 16, 2025

CVE ID : CVE-2025-49833

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49834 – GPT-SoVITS-WebUI Command Injection Vulnerability

Next Article CVE-2025-49831 – CyberArk Secrets Manager, Self-Hosted Man-in-the-Middle Attack

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-49833 – GPT-SoVITS-WebUI Command Injection Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Samsung’s One UI 7 arriving for these devices first – here’s a trick for getting it early

Rilasciata Fedora Linux 42: la risposta a tutto con GNOME 48 e innovazioni per tutti gli utenti

Grafito: Visualizzatore di Log di Systemd con un’Interfaccia Web Accattivante

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

CVE-2025-7155 – PHPGurukul Online Notes Sharing System Cookie Handler SQL Injection

CVE-2025-4446 – H3C GR-5400AX Local Buffer Overflow Vulnerability

Whisp, a Pure PHP SSH server, with Ashley Hindle

CVE-2025-49833 – GPT-SoVITS-WebUI Command Injection Vulnerability

Related Posts