CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

July 16, 2025

CVE ID : CVE-2025-49841

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new, the user input, here sovits_path is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53905 – Vim Tar Plugin Path Traversal Vulnerability

Next Article CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

Highlights

CVE-2025-52376 – Nexxt Solutions NCM-X1800 Mesh Router Telnet Authentication Bypass

July 15, 2025

CVE ID : CVE-2025-52376

Published : July 15, 2025, 2:15 p.m. | 1 hour, 29 minutes ago

Description : An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible with hard-coded credentials, allowing attackers to gain administrative shell access and execute arbitrary commands on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Best Tools To Lower Ping And Lag In Online Games [2025 tested]

CNCF Triggers a Platform Parity Breakthrough for Arm64 and x86

Build generative AI solutions with Amazon Bedrock

CVE-2025-49126 – Visionatrix ComfyUI Reflected Cross-Site Scripting Vulnerability

CVE-2025-52376 – Nexxt Solutions NCM-X1800 Mesh Router Telnet Authentication Bypass

Your CarPlay is getting a major overhaul on iOS 26: 3 new features arriving to your dashboard

October is the Cyber Security Month: stats, events and advice

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

Related Posts