CVE-2025-49840: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user input, here gpt_path, is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49840 is a high-severity vulnerability affecting the RVC-Boss GPT-SoVITS product, specifically versions 20250228v3 and earlier. GPT-SoVITS-WebUI is a voice conversion and text-to-speech web user interface that leverages machine learning models for audio processing. The vulnerability arises from unsafe deserialization of untrusted data within the inference_webui.py component. Specifically, the GPT_dropdown variable accepts user input, which is then passed to the change_gpt_weights function. Within this function, the user-supplied input (gpt_path) is used directly in a call to torch.load, a PyTorch function that deserializes model files. Because torch.load can execute arbitrary code during deserialization, an attacker can craft malicious input to execute arbitrary code on the server hosting the web UI. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), which is a common vector for remote code execution (RCE) attacks. The CVSS 4.0 score is 8.9, reflecting a high severity due to the vulnerability's network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. At the time of publication, no patches or mitigations have been released, and no known exploits are currently observed in the wild. However, the ease of exploitation and the critical nature of the vulnerability make it a significant threat to any deployment of GPT-SoVITS-WebUI versions 20250228v3 or earlier. Attackers could leverage this flaw to execute arbitrary code, potentially gaining full control over affected systems, exfiltrating sensitive data, or disrupting service availability.
Potential Impact
For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a serious risk. The ability to execute arbitrary code remotely without authentication means attackers can compromise servers hosting the voice conversion and text-to-speech services. This could lead to unauthorized access to sensitive voice data, intellectual property, or internal networks connected to the affected system. Organizations in sectors such as telecommunications, media production, accessibility services, and AI research that rely on GPT-SoVITS for voice processing are particularly vulnerable. The compromise could result in data breaches, service disruptions, reputational damage, and regulatory non-compliance under GDPR due to potential exposure of personal data. Additionally, since voice synthesis technologies are increasingly integrated into customer-facing applications, exploitation could enable attackers to manipulate voice outputs, leading to fraud or misinformation. The lack of available patches increases the urgency for European organizations to implement compensating controls to mitigate risk until official fixes are released.
Mitigation Recommendations
Given the absence of official patches, European organizations should take immediate steps to mitigate this vulnerability:
1) Restrict network access to the GPT-SoVITS-WebUI service by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks.
2) Disable or restrict the functionality that allows users to specify or upload model paths, effectively preventing untrusted input from reaching torch.load.
3) Employ application-layer input validation and sanitization to ensure that only authorized and verified model files are loaded.
4) Run the GPT-SoVITS service within a hardened, isolated environment such as a container or sandbox with minimal privileges to limit the impact of potential exploitation.
5) Monitor logs and network traffic for unusual activity indicative of exploitation attempts, including unexpected torch.load calls or anomalous file access patterns.
6) Engage with the vendor or community to track patch releases and apply updates promptly once available.
7) Consider alternative voice conversion solutions without this vulnerability if immediate risk reduction is critical.
These steps go beyond generic advice by focusing on controlling the specific attack vector (unsafe deserialization via torch.load) and limiting the operational exposure of the vulnerable component.
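One way to apply recommendations 2 and 3 in front of torch.load, as an added example that is not GPT-SoVITS code or an official fix: the dropdown value is accepted only as a bare file name from an operator-maintained manifest, resolved inside the weights directory, and checked against a pinned SHA-256 digest before loading. The names resolve_checkpoint, load_vetted, ModelRejected and the manifest format are assumptions, as is a checkpoint that holds only tensors and plain containers so that weights_only=True can load it.

```python
import hashlib
import os
import tempfile

class ModelRejected(Exception):
    """A requested checkpoint failed validation."""

def resolve_checkpoint(selection, weights_dir, pins):
    """Map a dropdown value to a vetted path. pins = {file name: sha256 hex},
    a hypothetical operator-maintained manifest, not a GPT-SoVITS feature."""
    # Bare, allowlisted file names only: no directories, traversal or URLs.
    if selection != os.path.basename(selection) or selection not in pins:
        raise ModelRejected(f"not an allowlisted checkpoint: {selection!r}")
    root = os.path.realpath(weights_dir)
    path = os.path.realpath(os.path.join(root, selection))
    # realpath() follows symlinks, so a link leading outside root is caught.
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        raise ModelRejected(f"outside weights directory or missing: {selection!r}")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    if digest.hexdigest() != pins[selection]:
        raise ModelRejected(f"digest mismatch: {selection!r}")
    return path

def load_vetted(selection, weights_dir, pins):
    """Load a vetted checkpoint (needs PyTorch; not called by demo())."""
    import torch
    path = resolve_checkpoint(selection, weights_dir, pins)
    # weights_only=True limits unpickling to tensors and plain containers.
    return torch.load(path, map_location="cpu", weights_only=True)

def demo():
    """Run the checks on constructed files; returns {selection: outcome}."""
    good = b"constructed checkpoint bytes"
    names = ("voice_a.ckpt", "voice_b.ckpt")
    pins = {n: hashlib.sha256(good).hexdigest() for n in names}
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in zip(names, (good, b"swapped after vetting")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        for sel in names + ("../voice_a.ckpt", "other.ckpt"):
            try:
                resolve_checkpoint(sel, tmp, pins)
                out[sel] = "accepted"
            except ModelRejected as exc:
                out[sel] = str(exc).split(":")[0]
    return out
```

Keep the weights directory read-only to the service account so a file cannot be replaced between the digest check and the load.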
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.800Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6876c198a83201eaacd0caa8
Added to database: 7/15/2025, 9:01:12 PM
Last enriched: 7/23/2025, 1:39:06 AM
Last updated: 8/27/2025, 6:53:11 AM