CVE-2025-49838: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPreDeEcho class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49838 is a high-severity vulnerability affecting GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability arises from unsafe deserialization of untrusted data in the AudioPreDeEcho class within the vr.py module. Specifically, the 'model_choose' variable, which accepts user input representing a model path, is passed to the 'uvr' function. Within 'uvr', an instance of AudioPreDeEcho is created with the 'model_path' attribute set to this user input appended with a '.pth' extension. The AudioPreDeEcho class then loads the model file using PyTorch's torch.load function. Since torch.load deserializes the model file, if an attacker can supply a crafted malicious model file, this can lead to arbitrary code execution due to unsafe deserialization. This vulnerability does not require authentication or user interaction and can be exploited remotely over the network (AV:N, AC:L, PR:N, UI:N). The CVSS 4.0 score is 8.9, reflecting high impact on confidentiality, integrity, and availability, with no scope change. No patched versions are currently available at the time of publication (July 2025). No known exploits are reported in the wild yet, but the ease of exploitation and critical nature of deserialization vulnerabilities make this a significant threat. The root cause is the direct use of untrusted user input to load serialized objects without validation or sandboxing, a classic CWE-502 issue.
Potential Impact
For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a severe risk. Successful exploitation could allow attackers to execute arbitrary code on the server hosting the application, leading to full system compromise. This can result in theft or manipulation of sensitive voice data, disruption of voice services, and lateral movement within the network. Given the growing adoption of AI-driven voice conversion and TTS technologies in sectors such as telecommunications, media, customer service, and accessibility services across Europe, the impact could be widespread. Confidentiality breaches could expose proprietary voice models or personal data, while integrity and availability impacts could disrupt critical voice-based applications. The lack of authentication or user interaction requirements means attackers can exploit this remotely and anonymously, increasing the threat level. Additionally, the absence of patches means organizations must rely on mitigations until official fixes are released.
Mitigation Recommendations
European organizations should implement immediate mitigations to reduce risk. First, restrict access to the GPT-SoVITS-WebUI service to trusted networks or VPNs to limit exposure. Employ network-level controls such as firewalls and intrusion detection systems to monitor and block suspicious requests targeting model loading functionality. Validate and sanitize all user inputs rigorously, especially those specifying model paths, to prevent arbitrary file loading. Where possible, disable or restrict the use of torch.load on untrusted inputs or replace it with safer deserialization methods that do not allow code execution. Implement application-level sandboxing or containerization to isolate the GPT-SoVITS-WebUI environment, limiting the impact of potential exploitation. Monitor logs for unusual activity related to model loading or file access. Maintain an inventory of affected versions and plan for rapid patch deployment once a fix becomes available. Engage with the vendor or open-source community to track patch releases and security advisories. Finally, conduct security awareness training for developers and administrators on the risks of unsafe deserialization and secure coding practices.
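The input-validation and safer-loading recommendations above, sketched as an added example (not code from GPT-SoVITS or from this advisory): the user-supplied model name is confined to one directory, and the checkpoint's pickle stream is inspected statically for imports outside an allowlist before anything is deserialized. The function names, the allowlist contents and the sample data are assumptions made for illustration; it uses only the standard library, and the subsequent load would be done with torch.load(path, weights_only=True).

```python
import io
import pickle
import pickletools
import re
import subprocess
import zipfile
from collections import OrderedDict
from pathlib import Path

# Assumed allowlist: globals a plain state_dict checkpoint needs (hypothetical, tune per model).
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
                   ("torch", "FloatStorage"), ("torch", "HalfStorage")}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def resolve_model(model_name, models_dir):
    """Map a user-supplied model name to <models_dir>/<name>.pth or raise ValueError."""
    if not SAFE_NAME.fullmatch(model_name):
        raise ValueError("model name contains disallowed characters")
    base = Path(models_dir).resolve()
    path = (base / (model_name + ".pth")).resolve()
    if path.parent != base:  # also catches symlinks that point outside the directory
        raise ValueError("model path escapes the models directory")
    return path

def pickle_globals(data):
    """List (module, name) imports in a pickle stream without executing it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Heuristic: names are the two most recent string pushes; anything else is unresolved.
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("<unresolved>", ""))
    return found

def disallowed_globals(blob):
    """Return non-allowlisted imports in a checkpoint (zip-format .pth or a bare pickle)."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return [g for s in streams for g in pickle_globals(s) if g not in ALLOWED_GLOBALS]

# Constructed samples: a dict-only pickle, and one that merely references a non-allowlisted class.
BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))
SUSPECT = pickle.dumps({"loader": subprocess.Popen})
```

A non-empty result from disallowed_globals means the file should be rejected rather than loaded; the scan is a pre-screen and does not replace network restriction or sandboxing of the service.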
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.800Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bcdf
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/23/2025, 1:47:49 AM
Last updated: 8/25/2025, 11:22:41 AM