PT-2025-29682 · Unknown · Gpt-Sovits-Webui

Sylwia Budzynska +1 · Published 2025-07-15 · Updated 2025-07-16 · CVE-2025-49840

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior

Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. An unsafe deserialization issue exists in the inference_webui.py file. The application takes user input via the gpt_path variable and passes it to the torch.load function, resulting in unsafe deserialization. The GPT_dropdown variable receives user input which is then passed to the change_gpt_weights function.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
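
An added example, not code from GPT-SoVITS-WebUI or from this advisory: a small static check that flags torch.load calls lacking a literal weights_only=True and records whether the path argument is a parameter of the enclosing function, as in the flow described above. The sample source, including the load_safe function, is constructed for illustration.

```python
import ast

# Constructed sample mirroring the flow in the description; not the project's source.
SAMPLE = '''
import torch

def change_gpt_weights(gpt_path):
    ckpt = torch.load(gpt_path, map_location="cpu")
    return ckpt

def load_safe(gpt_path):
    return torch.load(gpt_path, map_location="cpu", weights_only=True)
'''


def _is_torch_load(call):
    """True for calls written as torch.load(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "load"
            and isinstance(f.value, ast.Name) and f.value.id == "torch")


def _weights_only_true(call):
    """True only when weights_only is passed as the literal True."""
    for kw in call.keywords:
        if kw.arg == "weights_only":
            return isinstance(kw.value, ast.Constant) and kw.value.value is True
    return False


def find_unsafe_torch_loads(source):
    """Return (function, line, path_is_parameter) for each torch.load call
    inside a function that does not pass a literal weights_only=True."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        params = {a.arg for a in fn.args.args + fn.args.kwonlyargs}
        for node in ast.walk(fn):
            if isinstance(node, ast.Call) and _is_torch_load(node) and not _weights_only_true(node):
                first = node.args[0] if node.args else None
                tainted = isinstance(first, ast.Name) and first.id in params
                findings.append((fn.name, node.lineno, tainted))
    return findings


if __name__ == "__main__":
    for name, line, tainted in find_unsafe_torch_loads(SAMPLE):
        print(f"{name}:{line} torch.load without weights_only=True; path from parameter: {tainted}")
```

Passing weights_only=True makes torch.load use a restricted unpickler, so a flagged call whose path comes from a parameter is the case to review first. The check matches only calls spelled torch.load, so aliased imports need a separate pass.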

Exploit

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-49840

Affected Products

Gpt-Sovits-Webui