CVE-2025-49839: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of the Roformer_Loader class is created with the model_path attribute containing the aforementioned user input (locally called model_name). Note that in this step the .ckpt extension is added to the path. In the Roformer_Loader class, the user input, here called model_path, is used to load the model at that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49839 is a high-severity vulnerability classified under CWE-502, which involves unsafe deserialization of untrusted data within the GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The affected versions are those up to and including 20250228v3. The vulnerability arises in the bsroformer.py component, where the variable model_choose accepts user input, typically a path to a model file. This input is passed to the uvr function, which instantiates the Roformer_Loader class with the model_path attribute set to the user-supplied input appended with a .ckpt extension. The Roformer_Loader then loads the model file using torch.load, a PyTorch function known to perform deserialization. Because torch.load can deserialize arbitrary Python objects, if an attacker supplies a maliciously crafted model file or path, they can trigger unsafe deserialization, potentially leading to remote code execution or other malicious actions. At the time of publication, no patches or mitigations have been released, and no known exploits are currently observed in the wild. The CVSS 4.0 score is 8.9, reflecting a high severity due to the vulnerability’s network accessibility, lack of required privileges or user interaction, and its potential to fully compromise confidentiality, integrity, and availability of the affected system.
Potential Impact
For European organizations utilizing GPT-SoVITS-WebUI, particularly in sectors leveraging voice conversion or text-to-speech technologies such as media, telecommunications, or accessibility services, this vulnerability poses a significant risk. Exploitation could allow attackers to execute arbitrary code remotely without authentication, leading to full system compromise. This could result in unauthorized access to sensitive data, manipulation or disruption of voice services, and potential lateral movement within networks. Given the nature of the software, organizations relying on it for customer-facing or internal communication tools may face service outages or data breaches. Additionally, the lack of available patches increases the window of exposure. The impact is amplified in environments where the software is exposed to untrusted networks or users, such as public-facing web interfaces or multi-tenant cloud deployments.
Mitigation Recommendations
Immediate mitigation should focus on restricting access to the GPT-SoVITS-WebUI to trusted users and networks only, employing network segmentation and firewall rules to limit exposure. Administrators should disable or restrict the functionality that allows user-supplied model paths until a patch is available. Implementing input validation and sanitization on the model_choose parameter can reduce risk, although this is a temporary measure. Monitoring and logging all access to the vulnerable component is critical to detect potential exploitation attempts. Organizations should also consider running the application in a sandboxed or containerized environment with minimal privileges to contain any compromise. Finally, staying alert for vendor updates or patches and applying them promptly once released is essential. If possible, replacing torch.load with safer deserialization methods or restricting deserialization to trusted sources is recommended in future versions.
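One way to apply the input validation and trusted-source restriction recommended above, as an added example (not GPT-SoVITS code). The helper names, the models directory, the sample model name and the allowlist of pickle globals are assumptions made for illustration.

```python
import io
import pickle
import pickletools
import re
import zipfile
from fractions import Fraction
from pathlib import Path

# Assumed allowlist of globals a plain weights checkpoint imports; extend per dtype.
ALLOWED = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
           "torch.FloatStorage", "torch.HalfStorage", "torch.LongStorage"}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # bare model names, no path separators


def resolve_model_path(model_name: str, models_dir: Path) -> Path:
    """Map a user-supplied model name to <models_dir>/<name>.ckpt, or raise."""
    if not NAME_RE.fullmatch(model_name) or ".." in model_name:
        raise ValueError("model name must be a bare file name")
    root = models_dir.resolve()
    path = (root / f"{model_name}.ckpt").resolve()  # follows symlinks
    if path.parent != root:
        raise ValueError("model path escapes the models directory")
    return path


def disallowed_imports(blob: bytes) -> list[str]:
    """Names a checkpoint's pickle stream would import that are not in ALLOWED."""
    streams = [blob]  # raw pickle unless the file is a zip-format checkpoint
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    found = [] if streams else ["<no pickle found>"]
    for data in streams:
        buf = io.BytesIO(data)
        try:
            while buf.tell() < len(data):  # a file may hold several pickles
                for op, arg, _pos in pickletools.genops(buf):
                    if op.name in ("GLOBAL", "INST"):
                        found.append(arg.replace(" ", "."))
                    elif op.name == "STACK_GLOBAL":
                        found.append("<STACK_GLOBAL>")  # operands on stack: fail closed
        except Exception:
            found.append("<unparseable>")  # fail closed on malformed input
    return [name for name in found if name not in ALLOWED]


if __name__ == "__main__":
    # Constructed sample: a harmless object whose class is outside the allowlist.
    print(disallowed_imports(pickle.dumps(Fraction(1, 2), protocol=2)))
```

Both checks run before the load call and refuse the file if the second returns anything. Where the installed PyTorch supports it, passing weights_only=True to torch.load additionally restricts what the unpickler itself will construct.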
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.800Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6876be14a83201eaacd0bce6
Added to database: 7/15/2025, 8:46:12 PM
Last enriched: 7/23/2025, 1:48:01 AM
Last updated: 8/27/2025, 9:59:39 AM