RVC-Boss GPT-SoVITS-WebUI Unsafe Deserialization Vulnerability in AudioPreDeEcho Class Allowing Remote Code Execution

A remote code execution vulnerability exists in the GPT-SoVITS-WebUI voice conversion and text-to-speech application, specifically in versions through 20250228v3. The issue arises from unsafe deserialization in the vr.py file, within the AudioPreDeEcho class. The vulnerability is triggered when the model_choose variable accepts user input, such as a model path, and passes it to the uvr function. The uvr function then creates a new instance of the AudioPreDeEcho class, adding a .pth extension to the user-provided path before using it to load a model with torch.load. This process can lead to arbitrary code execution by allowing the execution of malicious payloads embedded within the model file.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where GPT-SoVITS-WebUI is running.

Reproduction

To reproduce this vulnerability, upload a model file with a .pth extension that contains a malicious payload into the GPT-SoVITS-WebUI application. Then, select this model through the user interface, which will trigger the unsafe deserialization when the model is loaded.