CVE-2025-43850 | RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006 export.py change_info ckpt_dir deserialization (GHSL-2025-012)

Inserito da Angelo Barbosa | Mag 5, 2025 | CVE

A vulnerability classified as very critical was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006. Affected by this vulnerability is the function change_info of the file export.py. The manipulation of the argument ckpt_dir leads to deserialization.

This vulnerability is known as CVE-2025-43850. The attack can be launched remotely. There is no exploit available.

CVE-2025-43850 | RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006 export.py change_info ckpt_dir deserialization (GHSL-2025-012)

Post correlati

CVE-2024-4836 | Edito CMS up to 3.25 Configuration File file access

CVE-2024-55539 | Acronis Cyber Protect Cloud Agent up to 39184 on Linux RPM Package risky encryption

CVE-2024-25142 | Apache Airflow up to 2.9.1 Cache Header information disclosure

CVE-2024-57357 | TP-Link TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 sub_4256CC devpwd command injection