CVE-2025-49840
📋 TL;DR
This vulnerability allows remote code execution through unsafe deserialization in GPT-SoVITS-WebUI. Attackers can exploit the GPT_dropdown input to execute arbitrary code on the server when loading models. All users running vulnerable versions of GPT-SoVITS-WebUI are affected.
💻 Affected Systems
- GPT-SoVITS-WebUI
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.
Likely Case
Remote code execution leading to data theft, service disruption, or cryptocurrency mining malware installation.
If Mitigated
Limited impact if proper network segmentation and input validation are implemented, though risk remains.
🎯 Exploit Status
Exploitation requires minimal technical skill as the vulnerability is in a web interface with clear attack vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: None available
Restart Required: Yes
Instructions:
No official patch available. Monitor GitHub repository for updates and apply immediately when released.
🔧 Temporary Workarounds
Disable Web Interface
allRemove or disable the web interface component to prevent remote exploitation.
# Stop the web service
sudo systemctl stop gpt-sovits
# Or kill the process
pkill -f inference_webui.py
Network Isolation
linuxRestrict network access to the service using firewall rules.
# Linux iptables example
sudo iptables -A INPUT -p tcp --dport [PORT] -s [TRUSTED_IP] -j ACCEPT
sudo iptables -A INPUT -p tcp --dport [PORT] -j DROP
🧯 If You Can't Patch
- Immediately take the service offline until a patch is available
- Implement strict network segmentation and allow only trusted IPs to access the service
🔍 How to Verify
Check if Vulnerable:
Check if running GPT-SoVITS-WebUI version 20250228v3 or earlier by examining the version in the web interface or checking the source code.Check Version:
Check the web interface or examine the project files for version informationVerify Fix Applied:
When a patch is released, verify the inference_webui.py file no longer passes user input directly to torch.load() in the change_gpt_weights function.📡 Detection & Monitoring
Log Indicators:
- Unusual model loading attempts
- Errors from torch.load with unexpected file paths
- Unusual process execution following web requests
Network Indicators:
- HTTP POST requests to model loading endpoints with suspicious parameters
- Outbound connections from the service to unexpected destinations
SIEM Query:
source="web_logs" AND (url="*change_gpt_weights*" OR url="*inference_webui*") AND (param="*GPT_dropdown*" OR param="*gpt_path*")🔗 References
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L310
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L872
- https://github.com/RVC-Boss/GPT-SoVITS/blob/165882d64f474b3563fa91adc1a679436ae9c3b8/GPT_SoVITS/inference_webui.py#L927
- https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/
- https://securitylab.github.com/advisories/GHSL-2025-049_GHSL-2025-053_RVC-Boss_GPT-SoVITS/
