{"vulnerability": "CVE-2025-43848", "sightings": [{"uuid": "a0319128-41b8-4f91-9c1f-9f6bca8c2dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43848", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14956", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43848\n\ud83d\udd25 CVSS Score: 8.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The\u00a0ckpt_path0\u00a0variable\u00a0takes user input\u00a0(e.g. a path to a model) and\u00a0passes\u00a0it to the\u00a0change_info\u00a0function in\u00a0process_ckpt.py, which uses it to\u00a0load the model on that path with\u00a0torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.\n\ud83d\udccf Published: 2025-05-05T17:54:58.884Z\n\ud83d\udccf Modified: 2025-05-05T17:54:58.884Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2025-012_GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI/\n2. https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/7ef19867780cf703841ebafb565a4e47d1ea86ff/infer/lib/train/process_ckpt.py#L196\n3. https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1415\n4. https://github.com/RVC-Project/Retrieval-based-Voice-Conversion-WebUI/blob/9f2f0559e6932c10c48642d404e7d2e771d9db43/infer-web.py#L1431", "creation_timestamp": "2025-05-05T18:19:41.000000Z"}]}