{"uuid": "8d0f0e00-9221-4dfd-bc71-6f13713bdc91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43850", "type": "seen", "source": "https://t.me/cvedetector/24488", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43850 - Apache Retrieval-Based Voice Conversion WebUI Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-43850 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The\u00a0ckpt_dir\u00a0variable\u00a0takes user input\u00a0(e.g. a path to a model) and\u00a0passes\u00a0it to the\u00a0change_info\u00a0function in\u00a0export.py, which uses it to\u00a0load the model on that path with\u00a0torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:27.000000Z"}