CVE-2025-54582 – Netty Deserialization Vulnerability

July 30, 2025

CVE ID : CVE-2025-54582

Published : July 30, 2025, 8:15 p.m. | 3 hours, 29 minutes ago

Description : Rejected reason: Reason: This candidate was issued in error. Valid Netty requests are issued via https://github.com/netty/netty.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54584 – GitProxy Git Packfile Signature Bypass Vulnerability

Next Article CVE-2025-8331 – Code-projects Online Farm System SQL Injection Vulnerability

Highlights

CVE-2025-49838 – GPT-SoVITS-WebUI Deserialize Vulnerability

July 16, 2025

CVE ID : CVE-2025-49838

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPreDeEcho class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

Understanding the code modernization conundrum

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

This handy NordVPN tool flags scam calls on Android – even before you answer

Route Optimization through Laravel’s Shallow Resource Architecture

Route Optimization through Laravel’s Shallow Resource Architecture

This Week in Laravel: Laracon News, Free Laravel Idea, and Claude Code Course

Everything We Know About Pest 4

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

Windows 11’s MSN Widgets board now opens in default browser, such as Chrome (EU only)

Microsoft’s new “move to Windows 11” campaign implies buying OneDrive paid plan

CVE-2025-54582 – Netty Deserialization Vulnerability

The hidden risks of browser extensions – and how to stay safe

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

CVE-2025-50032 – Paytiko for WooCommerce Missing Authorization Vulnerability

CVE-2025-4189 – WordPress Audio Comments Plugin CSRF

Recent Windows 11 update lets you disable profanity filter in voice typing

CVE-2024-40114 – Sitecom WLX-2006 Wall Mount Range Extender XSS Language Cookie Manipulation

CVE-2025-49838 – GPT-SoVITS-WebUI Deserialize Vulnerability

CVE-2025-4098 – Horner Automation Cscape Out-of-Bounds Read Vulnerability

How I turned my Apple Watch into a dumbphone (and why you should, too)

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks

CVE-2025-54582 – Netty Deserialization Vulnerability

Related Posts