CVE-2025-49838
Published: 15 July 2025
Summary
CVE-2025-49838 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Rvc-Boss Gpt-Sovits-Webui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 40.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as APIs and Models, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Validates user-supplied model_choose input to ensure only trusted paths are used with torch.load, directly preventing unsafe deserialization of malicious .pth files.
Restricts the webUI to least functionality by disabling the vulnerable AudioPreDeEcho feature in vr.py, eliminating the deserialization attack surface.
Enforces boundary protection to restrict network access to the GPT-SoVITS-WebUI, mitigating remote unauthenticated exploitation of the deserialization vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unsafe deserialization via torch.load on user-controlled model path in the webUI enables remote code execution, exploiting a public-facing application.
NVD Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPreDeEcho class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.
Deeper analysis
CVE-2025-49838 is an unsafe deserialization vulnerability (CWE-502) in GPT-SoVITS-WebUI, an open-source voice conversion and text-to-speech web interface hosted under the RVC-Boss/GPT-SoVITS GitHub repository. It affects versions 20250228v3 and prior, specifically in the vr.py module's AudioPreDeEcho component. User input via the model_choose parameter, such as a model path, is passed to the uvr function, where it becomes the model_path attribute of an AudioPreDeEcho instance (with a .pth extension appended). This path is then loaded directly using torch.load, enabling arbitrary deserialization of untrusted data.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation involves supplying a malicious model path pointing to a crafted .pth file, which torch.load deserializes, potentially resulting in remote code execution with the privileges of the webUI process and high impacts to confidentiality, integrity, and availability.
GitHub Security Lab advisory GHSL-2025-049_GHSL-2025-053, along with referenced code locations in tools/uvr5/vr.py and webui.py, details the flaw but notes no patched versions were available at publication on 2025-07-15. Practitioners should restrict network access to the webUI, validate and sanitize model paths, or disable the affected AudioPreDeEcho functionality until upstream fixes are released.
This issue underscores deserialization risks in AI/ML web tools that handle PyTorch models: GPT-SoVITS-WebUI processes user-supplied paths in voice-related workflows. No real-world exploitation had been reported at disclosure.
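One way to apply the path-validation mitigation described above, as an added example that is not code from GPT-SoVITS-WebUI or the advisory: the user-supplied name is accepted only if it matches a .pth file already present in an operator-controlled directory. The function name `resolve_model_path`, the exception class, and the directory and file names in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UntrustedModelPath(ValueError):
    """A user-supplied model name failed validation."""


def resolve_model_path(model_choose: str, weights_dir: Path) -> Path:
    """Map a user-supplied model name to a .pth file inside weights_dir."""
    root = weights_dir.resolve(strict=True)
    # Allowlist comes from the operator-controlled directory, not the request.
    allowed = {p.stem for p in root.glob("*.pth") if p.is_file()}
    if model_choose not in allowed:
        raise UntrustedModelPath(f"unknown model: {model_choose!r}")
    # '.pth' is appended to the name, as in the flow the advisory describes.
    candidate = (root / f"{model_choose}.pth").resolve(strict=True)
    # A listed entry can still be a symlink pointing elsewhere: check the real path.
    if candidate.parent != root:
        raise UntrustedModelPath(f"model resolves outside weights dir: {model_choose!r}")
    return candidate  # only this value may be handed to torch.load


def demo() -> dict:
    """Run the check over constructed inputs; returns label -> accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        weights, uploads = Path(tmp, "weights"), Path(tmp, "uploads")
        weights.mkdir()
        uploads.mkdir()
        (weights / "model_a.pth").write_bytes(b"constructed placeholder")
        (uploads / "evil.pth").write_bytes(b"constructed placeholder")
        os.symlink(uploads / "evil.pth", weights / "link.pth")
        cases = {
            "listed": "model_a",
            "traversal": "../uploads/evil",
            "absolute": str(uploads / "evil"),
            "symlink": "link",
            "empty": "",
        }
        results = {}
        for label, name in cases.items():
            try:
                resolve_model_path(name, weights)
                results[label] = True
            except UntrustedModelPath:
                results[label] = False
        return results
```

In the affected flow this check would sit between reading model_choose and constructing AudioPreDeEcho. torch.load also accepts weights_only=True, which restricts what the unpickler may construct and is a useful second layer behind the path check.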
Details
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
Affected Products
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: GPT-SoVITS-WebUI is a web-based platform for AI-driven voice conversion and text-to-speech using PyTorch models, fitting 'Other Platforms' as it is an end-user AI application/UI rather than a framework, library, or specific domain tool.