CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPre class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPre class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.

CVSS

No CVSS.

References

Link	Resource
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/vr.py#L32
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L157
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L192-L205
https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L64-L70
https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/

Configurations

No configuration.

History

16 Jul 2025, 14:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-15 21:15

Updated : 2025-07-16 14:58

NVD link : CVE-2025-49837

Mitre link : CVE-2025-49837

CVE.ORG link : CVE-2025-49837

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-49837", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-15T21:15:32.463", "references": [{"url": "https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/vr.py#L32", "source": "security-advisories@github.com"}, {"url": "https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L157", "source": "security-advisories@github.com"}, {"url": "https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L192-L205", "source": "security-advisories@github.com"}, {"url": "https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/tools/uvr5/webui.py#L64-L70", "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPre class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPre class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available."}, {"lang": "es", "value": "GPT-SoVITS-WebUI es una interfaz web de conversi\u00f3n de voz y texto a voz. En las versiones 20250228v3 y anteriores, existe una vulnerabilidad de deserializaci\u00f3n insegura en vr.py AudioPre. La variable model_choose recibe la entrada del usuario (por ejemplo, la ruta a un modelo) y la pasa a la funci\u00f3n uvr. En uvr, se crea una nueva instancia de la clase AudioPre con el atributo model_path que contiene la entrada del usuario mencionada (aqu\u00ed denominada localmente como model_name). Tenga en cuenta que en este paso se a\u00f1ade la extensi\u00f3n .pth a la ruta. En la clase AudioPre, la entrada del usuario, aqu\u00ed denominada model_path, se utiliza para cargar el modelo en esa ruta con torch.load, lo que puede provocar una deserializaci\u00f3n insegura. Al momento de la publicaci\u00f3n, no se conocen versiones parcheadas."}], "lastModified": "2025-07-16T14:58:59.837", "sourceIdentifier": "security-advisories@github.com"}