PT-2025-29683 · Unknown · Gpt-Sovits-Webui

Sylwia Budzynska +1 · Published 2025-07-15 · Updated 2025-07-16 · CVE-2025-49841

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
GPT-SoVITS-WebUI versions 20250228v3 and prior

Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists in process_ckpt.py due to unsafe deserialization. The SoVITS_dropdown variable accepts user input, which is then passed to the load_sovits_new function within process_ckpt.py. The sovits_path input is used with torch.load to load a model, resulting in unsafe deserialization.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
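
Mitigation sketch (an added example, not code from GPT-SoVITS-WebUI or from this advisory): the two checks a loader fed by a user-controlled dropdown needs, namely confining the chosen path to a weights directory and refusing pickle globals that are not allowlisted. Standard-library pickle stands in for torch.load so the block runs offline; the function names, the allowlist and the sample files are assumptions constructed for illustration.

```python
import collections
import datetime
import pickle
import tempfile
from pathlib import Path

# Assumption: a plain state dict needs only this global to be rebuilt.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global the pickle stream requests unless allowlisted."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def resolve_choice(weights_dir, choice):
    """Map a dropdown value to a file that really lives under weights_dir."""
    root = Path(weights_dir).resolve()
    path = (root / choice).resolve()  # collapses ".." and absolute overrides
    if root not in path.parents or not path.is_file():
        raise ValueError(f"not a model under {root}: {choice!r}")
    return path

def load_weights_safely(weights_dir, choice):
    """Hypothetical loader: validate the path, then unpickle with the allowlist."""
    with open(resolve_choice(weights_dir, choice), "rb") as fh:
        return RestrictedUnpickler(fh).load()

def demo():
    """Run both checks on constructed files; returns (loaded, rejection types)."""
    with tempfile.TemporaryDirectory() as tmp:
        weights = Path(tmp) / "weights"
        weights.mkdir()
        # Constructed samples: a plain state dict, a file needing a global that
        # is not allowlisted, and a file outside the weights directory.
        (weights / "ok.pth").write_bytes(pickle.dumps(collections.OrderedDict(w=[0.1, 0.2])))
        (weights / "odd.pth").write_bytes(pickle.dumps(datetime.date(2025, 7, 15)))
        outside = Path(tmp) / "outside.pth"
        outside.write_bytes(pickle.dumps({}))
        loaded = load_weights_safely(weights, "ok.pth")
        rejected = []
        for choice in ("odd.pth", "../outside.pth", str(outside)):
            try:
                load_weights_safely(weights, choice)
            except (ValueError, pickle.UnpicklingError) as exc:
                rejected.append(type(exc).__name__)
        return loaded, rejected

if __name__ == "__main__":
    print(demo())
```

With PyTorch itself, the corresponding restriction is passing `weights_only=True` to `torch.load`, which limits unpickling to tensors and a small set of allowlisted types.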

Exploit

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2025-49841

Affected Products: Gpt-Sovits-Webui