CVE-2025-49841: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new, the user input (here sovits_path) is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.
AI Analysis
Technical Summary
CVE-2025-49841 is a high-severity vulnerability affecting GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability arises from unsafe deserialization of untrusted data in the process_ckpt.py module, specifically within the load_sovits_new function. The variable SoVITS_dropdown accepts user input, which is then passed as sovits_path to torch.load for loading machine learning models. Since torch.load deserializes data, if an attacker controls the input, they can craft malicious serialized objects that execute arbitrary code during deserialization. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), a common and dangerous flaw that can lead to remote code execution without requiring authentication or user interaction. The affected versions are all releases up to and including 20250228v3. At the time of publication, no patches or mitigations have been released, and no known exploits are currently observed in the wild. The CVSS 4.0 base score is 8.9, reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. This vulnerability allows an attacker to fully compromise the system running GPT-SoVITS-WebUI by remotely executing arbitrary code, potentially leading to data theft, service disruption, or pivoting within the network.
Potential Impact
For European organizations utilizing GPT-SoVITS-WebUI, particularly those in research, media production, or AI development sectors, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive voice data, intellectual property, or internal systems. Given the high impact on confidentiality, integrity, and availability, attackers could manipulate voice conversion outputs, disrupt services, or use compromised systems as footholds for broader network attacks. The lack of authentication or user interaction requirements means that exposed instances are highly vulnerable to automated exploitation. This could affect cloud-hosted deployments or on-premises installations, potentially impacting compliance with GDPR and other data protection regulations due to unauthorized data access or breaches. The absence of patches increases the window of exposure, necessitating immediate risk management measures.
Mitigation Recommendations
Since no official patches are available, European organizations should implement the following specific mitigations:
1) Restrict network exposure of GPT-SoVITS-WebUI instances by placing them behind firewalls or VPNs to limit access to trusted users only.
2) Employ strict input validation and sanitization on the SoVITS_dropdown input to prevent malicious serialized data from being processed.
3) If feasible, disable or replace the use of torch.load for loading user-supplied models with safer alternatives that do not perform deserialization, or implement custom deserialization routines with strict type whitelisting.
4) Monitor logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected model load requests or anomalous system behavior.
5) Conduct regular security audits and consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and block exploitation attempts.
6) Engage with the vendor or open-source community to track patch releases and apply updates promptly once available.
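A sketch of mitigations 2 and 3 combined, added here as an example and not taken from the GPT-SoVITS code base: the dropdown value is confined to a model directory, then deserialized with an allow-list unpickler. The names resolve_checkpoint, safe_load, ALLOWED_GLOBALS and the .pth suffix are assumptions, and the sample files are constructed and harmless.

```python
import collections
import io
import pickle
import tempfile
from fractions import Fraction
from pathlib import Path

# Assumption: the only global a plain weights dict needs. Extend deliberately.
# torch.load(..., weights_only=True) applies the same idea inside PyTorch.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
ALLOWED_SUFFIXES = {".pth"}  # assumption: checkpoint files use this suffix

class AllowListUnpickler(pickle.Unpickler):
    """Refuse every global that is not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def resolve_checkpoint(user_value, model_dir):
    """Map a dropdown value to a file that really lives under model_dir."""
    root = Path(model_dir).resolve()
    candidate = (root / user_value).resolve()
    if root not in candidate.parents:
        raise ValueError("path escapes the model directory")
    if candidate.suffix not in ALLOWED_SUFFIXES or not candidate.is_file():
        raise ValueError("not a known checkpoint file")
    return candidate

def safe_load(user_value, model_dir):
    """Validate the path, then deserialize with the allow-list unpickler."""
    path = resolve_checkpoint(user_value, model_dir)
    return AllowListUnpickler(io.BytesIO(path.read_bytes())).load()

def demo():
    """Constructed inputs: a plain weights dict, a foreign type, two bad paths."""
    with tempfile.TemporaryDirectory() as d:
        good = collections.OrderedDict(weight=[0.1, 0.2])
        (Path(d) / "good.pth").write_bytes(pickle.dumps(good))
        (Path(d) / "odd.pth").write_bytes(pickle.dumps(Fraction(1, 2)))
        results = {"good": safe_load("good.pth", d)}
        for value in ("odd.pth", "../outside.pth", "/etc/hostname"):
            try:
                results[value] = repr(safe_load(value, d))
            except (ValueError, pickle.UnpicklingError) as exc:
                results[value] = type(exc).__name__
        return results
```

Path validation alone does not help if an attacker can place a file inside the model directory, which is why the allow-list unpickler is applied to every file regardless of where it came from.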
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-11T14:33:57.800Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6876c198a83201eaacd0caae
Added to database: 7/15/2025, 9:01:12 PM
Last enriched: 7/15/2025, 9:16:07 PM
Last updated: 7/15/2025, 10:16:13 PM