CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

July 16, 2025

CVE ID : CVE-2025-49840

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user input, here gpt_path is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

Next Article CVE-2025-49839 – GPT-SoVITS-WebUI Unvalidated Model Deserialization Vulnerability

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Cloudsmith launches ML Model Registry to provide a single source of truth for AI models and datasets

Kong Acquires OpenMeter to Unlock AI and API Monetization for the Agentic Era

Microsoft Graph CLI to be retired

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

The Xbox remaster that brought Gears to PlayStation just passed a huge milestone — “ending the console war” and proving the series still has serious pulling power

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Updates from N|Solid Runtime: The Best Open-Source Node.js RT Just Got Better

Scale Your Business with AI-Powered Solutions Built for Singapore’s Digital Economy

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Pennsylvania Attorney General’s Office Recovers from Ransomware Attack

CVE-2025-42599 – Active! Mail Stack-Based Buffer Overflow Vulnerability

Google’s NotebookLM Goes Public, But Microsoft’s Office Remains the Productivity Standard

CVE-2025-53792 – Azure Portal Unauthenticated Remote Command Injection

CVE-2025-53381 – Apache HTTP Server Unvalidated User Input

New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

Windows 11 24H2 Settings tells you if you have enough RAM or GPU for games

CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

Related Posts