RVC-Boss GPT-SoVITS-WebUI Unsafe Deserialization Vulnerability Leading to Remote Code Execution

A remote code execution vulnerability has been identified in RVC-Boss GPT-SoVITS-WebUI, specifically in versions through 20250228v3. The issue arises from an unsafe deserialization vulnerability in the 'vr.py' file within the AudioPre class. The vulnerability is triggered when the 'model_choose' variable accepts user input, such as a model path, and passes it to the 'uvr' function. In the 'uvr' function, a new instance of the AudioPre class is created with the user-provided model path, which is then used to load a model using 'torch.load'. This process can lead to unsafe deserialization, allowing for remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where GPT-SoVITS-WebUI is running.

Reproduction

To reproduce this vulnerability, upload a malicious model file to a location accessible by the GPT-SoVITS-WebUI. Then, in the web interface, select this model file. The application will load the model using 'torch.load', which will trigger the unsafe deserialization vulnerability. This can be done by creating a model file that, when loaded, executes arbitrary code on the server.