CVE-2025-49841: CWE-502: Deserialization of Untrusted Data in RVC-Boss GPT-SoVITS

High
Published: Tue Jul 15 2025 (07/15/2025, 20:43:02 UTC)
Source: CVE Database V5
Vendor/Project: RVC-Boss
Product: GPT-SoVITS

Description

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new, the user input, here sovits_path, is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.

AI-Powered Analysis

Last updated: 07/23/2025, 01:31:36 UTC

Technical Analysis

CVE-2025-49841 is a high-severity vulnerability affecting GPT-SoVITS-WebUI, a voice conversion and text-to-speech web user interface developed by RVC-Boss. The vulnerability arises from unsafe deserialization of untrusted data in the process_ckpt.py module, specifically in the load_sovits_new function. The variable SoVITS_dropdown accepts user input, which is then passed as sovits_path to torch.load without proper validation or sanitization. torch.load deserializes the file it is given, so a maliciously crafted input can lead to arbitrary code execution or other malicious behavior. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), which is a critical security flaw because deserialization processes often allow attackers to execute arbitrary code if they can control the input. The affected versions include all releases up to and including 20250228v3. At the time of publication, no patches or mitigations have been officially released. The CVSS 4.0 score is 8.9, indicating high severity with a network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No known exploits are currently in the wild, but the ease of exploitation and the critical nature of the flaw make it a significant risk for users of GPT-SoVITS-WebUI.

Potential Impact

For European organizations using GPT-SoVITS-WebUI, this vulnerability poses a serious risk. Exploitation could allow attackers to execute arbitrary code remotely, potentially leading to full system compromise, data theft, or disruption of services. Organizations relying on voice conversion or text-to-speech services for customer interaction, accessibility, or internal communications could face operational disruptions or reputational damage. Given the high impact on confidentiality, integrity, and availability, sensitive data processed or stored by these systems could be exposed or manipulated. Additionally, since the vulnerability requires no authentication or user interaction, attackers can exploit it remotely and without user awareness, increasing the risk of widespread attacks. The lack of patches further exacerbates the threat, leaving organizations exposed until mitigations or updates are available.

Mitigation Recommendations

1. Immediate mitigation should include isolating GPT-SoVITS-WebUI instances from public networks to reduce exposure.
2. Implement strict input validation and sanitization on the SoVITS_dropdown input to prevent malicious payloads from being processed.
3. Employ application-layer firewalls or intrusion detection/prevention systems to monitor and block suspicious deserialization attempts targeting torch.load.
4. Consider disabling or restricting the use of torch.load for loading models from untrusted sources until a patch is available.
5. Monitor vendor communications and security advisories closely for updates or patches addressing this vulnerability.
6. As a longer-term solution, refactor the codebase to replace unsafe deserialization with safer alternatives, such as using secure serialization libraries or verifying the integrity and authenticity of model files before loading.
7. Conduct regular security audits and penetration testing focusing on deserialization vulnerabilities in machine learning model loading components.
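
Mitigations 2, 4 and 6 combined in one loader, as an added example that is not GPT-SoVITS code: the dropdown value is confined to a weights directory, checked against pinned SHA-256 digests, and only then passed to torch.load with weights_only=True. The names read_vetted_checkpoint and load_vetted, the weights directory and the digest manifest are assumptions made for illustration; only torch.load and the user-controlled path come from the advisory.

```python
import hashlib
import io
from pathlib import Path


def read_vetted_checkpoint(user_value: str, weights_dir: Path, pinned: dict) -> bytes:
    """Return the bytes of an allow-listed checkpoint, or raise ValueError.

    pinned maps a path relative to weights_dir to its expected SHA-256 hex digest.
    """
    root = weights_dir.resolve()
    # Joining an absolute user_value discards root; resolve() also collapses
    # ".." and follows symlinks, so the containment check sees the real target.
    candidate = (root / user_value).resolve()
    if not candidate.is_relative_to(root):
        raise ValueError("path escapes the weights directory")
    if candidate.suffix != ".pth" or not candidate.is_file():
        raise ValueError("not a checkpoint file")
    expected = pinned.get(candidate.relative_to(root).as_posix())
    if expected is None:
        raise ValueError("checkpoint is not in the manifest")
    # Read once and hash those same bytes, so the file cannot be swapped
    # between verification and loading.
    data = candidate.read_bytes()
    if hashlib.sha256(data).hexdigest() != expected:
        raise ValueError("checkpoint digest does not match the manifest")
    return data


def load_vetted(user_value: str, weights_dir: Path, pinned: dict):
    """Load a vetted checkpoint with the restricted unpickler."""
    import torch  # imported here so the validation above runs without torch

    data = read_vetted_checkpoint(user_value, weights_dir, pinned)
    # weights_only=True limits unpickling to tensors and plain containers.
    # Assumption: the checkpoint holds nothing beyond those types.
    return torch.load(io.BytesIO(data), map_location="cpu", weights_only=True)
```

The manifest has to be produced and stored outside the reach of the web UI, otherwise an attacker who can write a checkpoint can also pin its digest.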

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-11T14:33:57.800Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6876c198a83201eaacd0caae

Added to database: 7/15/2025, 9:01:12 PM

Last enriched: 7/23/2025, 1:31:36 AM

Last updated: 8/26/2025, 2:37:58 PM
