CVE-2025-49838: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPreDeEcho class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49838 is a high-severity vulnerability affecting GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability arises from unsafe deserialization of untrusted data in the AudioPreDeEcho class within the vr.py module. Specifically, the model_choose variable, which is user-controlled input representing a model path, is passed to the uvr function. Inside uvr, an instance of AudioPreDeEcho is created with the model_path attribute set to this user input appended with a .pth extension. The AudioPreDeEcho class then loads the model file using torch.load, a PyTorch function known to be vulnerable to unsafe deserialization if the input is not properly validated or sanitized. This unsafe deserialization can allow an attacker to execute arbitrary code remotely without any authentication or user interaction, as the CVSS vector indicates network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of GPT-SoVITS-WebUI up to and including 20250228v3, and as of the publication date, no patches or mitigations have been released. The exploitability is rated as probable, though no known exploits have been observed in the wild yet. This vulnerability falls under CWE-502, which covers deserialization of untrusted data leading to remote code execution. Given the nature of the vulnerability, an attacker could craft malicious model files that, when loaded by the vulnerable application, execute arbitrary code on the host system, potentially leading to full system compromise, data theft, or service disruption.
Potential Impact
For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a significant risk. The ability to execute arbitrary code remotely without authentication means attackers can infiltrate systems hosting the vulnerable software, potentially gaining access to sensitive voice data, intellectual property, or internal networks. This is particularly critical for organizations involved in media production, telecommunications, accessibility services, or any sector relying on voice synthesis and conversion technologies. The compromise could lead to data breaches, disruption of voice services, or use of the compromised systems as a foothold for lateral movement within corporate networks. Additionally, the high impact on confidentiality, integrity, and availability could result in regulatory non-compliance under GDPR if personal data is exposed or manipulated. The lack of available patches increases the urgency for organizations to implement compensating controls to mitigate risk until a fix is released.
Mitigation Recommendations
Given the absence of official patches, European organizations should immediately implement the following mitigations:
1) Restrict network access to the GPT-SoVITS-WebUI service, limiting it to trusted internal users and systems only, to reduce exposure to remote attackers.
2) Implement strict input validation and sanitization on any user-supplied model paths or files before they are processed by the application, potentially by sandboxing or whitelisting allowed model files.
3) Monitor and audit logs for any unusual activity related to model loading or torch.load calls, to detect potential exploitation attempts.
4) Consider deploying the application within a hardened container or virtual machine with minimal privileges and strict resource controls to contain any potential compromise.
5) Engage with the vendor or community to track patch releases and apply updates promptly once available.
6) If feasible, temporarily disable or restrict the functionality that loads external model files until a secure version is released.
7) Educate developers and administrators about the risks of unsafe deserialization and enforce secure coding practices for handling serialized data.
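Mitigation 2 as an added example (not code from GPT-SoVITS or from this advisory): a resolver that accepts only a bare model name, appends .pth as uvr does, confines the result to one directory, and checks a pinned SHA-256 before anything reaches torch.load. The names resolve_model and load_model, the pinned digest table and the weights directory are assumptions, as is the premise that the models are plain tensor checkpoints that load under weights_only=True.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")  # no separators, no leading dot


class ModelRejected(ValueError):
    """Raised when a requested model fails any check before loading."""


def resolve_model(model_name, weights_dir, pinned):
    """Map a user-supplied model name to a vetted .pth path, or raise."""
    if not SAFE_NAME.fullmatch(model_name):
        raise ModelRejected("illegal model name")
    root = Path(weights_dir).resolve()
    path = (root / (model_name + ".pth")).resolve()  # .pth appended, as in uvr
    if path.parent != root:  # a symlink or traversal left the directory
        raise ModelRejected("outside weights directory")
    expected = pinned.get(path.name)
    if expected is None or not path.is_file():
        raise ModelRejected("not an allowlisted model")
    actual = hashlib.sha256(path.read_bytes()).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise ModelRejected("digest mismatch")
    return path


def load_model(path):
    """Load tensors only; weights_only=True refuses arbitrary pickled objects."""
    import torch  # lazy import: the checks above run without PyTorch installed
    return torch.load(path, map_location="cpu", weights_only=True)


def demo():
    """Run the resolver over constructed names and report each outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "deecho_ok.pth")  # constructed stand-in files
        good.write_bytes(b"constructed model bytes")
        Path(tmp, "swapped.pth").write_bytes(b"replaced after pinning")
        pinned = {"deecho_ok.pth": hashlib.sha256(good.read_bytes()).hexdigest(),
                  "swapped.pth": hashlib.sha256(b"original bytes").hexdigest()}
        out = {}
        for name in ["deecho_ok", "../../tmp/upload", "/tmp/upload", "unknown", "swapped"]:
            try:
                out[name] = resolve_model(name, tmp, pinned).name
            except ModelRejected as exc:
                out[name] = "rejected: " + str(exc)
        return out
```

The digest table has to live somewhere the web process cannot write, otherwise an uploaded file can be pinned alongside its own hash.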
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.800Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bcdf
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/15/2025, 9:02:22 PM
Last updated: 7/15/2025, 10:16:13 PM