CVE-2025-49837: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPre class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPre class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49837 is a high-severity vulnerability affecting GPT-SoVITS-WebUI, a voice conversion and text-to-speech web interface developed by RVC-Boss. The vulnerability arises from unsafe deserialization of untrusted data in the AudioPre class within the vr.py module. Specifically, the model_choose variable, which accepts user input representing a model path, is passed to the uvr function. Within uvr, an AudioPre instance is created with the model_path attribute set to this user input appended with a .pth extension. The AudioPre class then uses torch.load to load the model from this path. Since torch.load performs deserialization, if an attacker controls the input path and the contents of the file, they can craft malicious serialized objects that execute arbitrary code upon deserialization. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data). It requires no authentication or user interaction, can be exploited remotely over the network, and has a CVSS 4.0 score of 8.9, indicating a high impact on confidentiality, integrity, and availability. At the time of publication, no patches or mitigations have been released. No known exploits are currently observed in the wild, but the ease of exploitation and severity suggest a significant risk if weaponized.
Potential Impact
For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a critical risk. Exploitation could lead to remote code execution on servers hosting the application, potentially allowing attackers to gain full control over affected systems. This can result in data breaches, unauthorized access to sensitive voice data, disruption of voice services, and lateral movement within networks. Organizations relying on voice conversion or text-to-speech for customer interaction, accessibility, or internal communications could face operational downtime and reputational damage. Given the lack of patches, organizations are exposed until mitigations are applied. Because the vulnerability is reachable over the network and requires no authentication, exploitation is more likely, especially in environments where the application is exposed to untrusted users or the internet.
Mitigation Recommendations
1. Immediately restrict access to GPT-SoVITS-WebUI instances to trusted internal networks or VPNs to reduce exposure.
2. Implement strict input validation and sanitization on the model_choose parameter to prevent arbitrary file paths or untrusted inputs.
3. Disable or replace the use of torch.load for loading models with safer alternatives that do not perform arbitrary deserialization, such as using torch.jit.load or custom deserialization methods that validate input.
4. Monitor application logs for unusual or unexpected model loading requests or file access patterns.
5. Employ application-layer firewalls or web application firewalls (WAFs) with rules to detect and block suspicious payloads targeting this vulnerability.
6. Prepare for patch deployment by tracking vendor updates and applying them promptly once available.
7. Conduct security reviews and code audits of any custom modifications to the GPT-SoVITS-WebUI to identify similar unsafe deserialization patterns.
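A sketch of recommendations 2 and 3, added here as an example and not taken from the GPT-SoVITS code base: a user-supplied model name is confined to one weights directory before the .pth suffix is appended, and deserialization goes through an unpickler that refuses any global outside an allowlist. The directory path, the allowlist contents, and the function names are assumptions made for illustration.

```python
import io
import os
import pickle
from pathlib import Path

# Hypothetical weights directory; the real application's layout may differ.
WEIGHTS_DIR = Path("/opt/gpt-sovits/uvr5_weights")
# Globals a plain weights pickle may reference (illustrative allowlist).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def resolve_model_path(model_name, weights_dir=WEIGHTS_DIR):
    """Map a user-supplied model name to <weights_dir>/<name>.pth or raise."""
    # Accept a bare file name only: no separators, no leading dot, not empty.
    if (not model_name or model_name.startswith(".")
            or Path(model_name).name != model_name):
        raise ValueError(f"rejected model name: {model_name!r}")
    base = Path(weights_dir).resolve()
    candidate = (base / f"{model_name}.pth").resolve()
    # resolve() follows symlinks, so a link pointing elsewhere is caught here.
    if candidate.parent != base:
        raise ValueError(f"model path escapes weights dir: {candidate}")
    return candidate


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Deserialize bytes, allowing only allowlisted globals."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(resolve_model_path("example_model"))
    # Constructed sample: a pickle that only references a non-allowlisted
    # callable (os.getcwd as a harmless stand-in); nothing is invoked.
    try:
        safe_loads(pickle.dumps(os.getcwd))
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

In PyTorch itself, the comparable control is calling torch.load with weights_only=True, which restricts unpickling to an allowlist of tensor-related types.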
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.799Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bcd8
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/23/2025, 1:47:02 AM
Last updated: 8/16/2025, 3:30:25 PM