How severe is CVE-2025-43843?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-43843?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2025-43843 - HIGH Severity | CVSS N/A

Vulnerability Description

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7 and f0method8 take user input and pass it into the extract_f0_feature function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.

Related Vulnerabilities

CVE-2024-51736

NONE

CVSS:0.0(None)

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it...

CWE-772024

CVE-2015-7541

CRITICAL

CVSS:10.0(Critical)

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metachara...

CWE-772015

CVE-2017-7722

CRITICAL

CVSS:10.0(Critical)

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploitin...

CWE-772017

CVE-2017-7876

CRITICAL

CVSS:10.0(Critical)

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bui...

CWE-772017

CVE-2018-16462

CRITICAL

CVSS:10.0(Critical)

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

CWE-772018

CVE-2020-27227

CRITICAL

CVSS:10.0(Critical)

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request...

CWE-772020