CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

July 16, 2025

CVE ID : CVE-2025-49841

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new, the user input, here sovits_path is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53905 – Vim Tar Plugin Path Traversal Vulnerability

Next Article CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

Highlights

CVE-2025-49002 – DataEase Case Insensitive Patch Bypass Vulnerability

June 3, 2025

CVE ID : CVE-2025-49002

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

CVE-2025-5789 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

CoreChess – chess GUI for chess engines

Inclusivity with Voice & Language [SUBSCRIBER]

CVE-2025-49002 – DataEase Case Insensitive Patch Bypass Vulnerability

What Is Agentic AI — And Why It’s the Next Big Thing in Automation🤖

CVE-2025-5222 – ICU Buffer Overflow Vulnerability

Dems demand audit of CVE program as Federal funding remains uncertain

CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

Related Posts