GPT-SoVITS-WebUI Unsafe Deserialization Vulnerability in Roformer Loader Class Allowing Remote Code Execution

Vulnerability

GPT-SoVITS-WebUI, in versions through 20250228v3, deserializes untrusted data in the Roformer_Loader class in bsroformer.py. A user-controlled value, the model path selected in the web interface, is passed to the uvr function, which constructs a Roformer_Loader with it; the loader appends a .ckpt extension to that path and hands the resulting file to torch.load. torch.load is pickle-based, and unless it is called with weights_only=True (not the default before PyTorch 2.6) a pickle stream may name any importable callable and have it invoked during deserialization. A crafted checkpoint therefore executes arbitrary code on the server as soon as it is loaded.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where GPT-SoVITS-WebUI is running.

Reproduction

To reproduce, upload a file with a .ckpt extension through the web interface whose contents are a crafted pickle payload rather than genuine weights (for example, an object whose __reduce__ returns a call to a shell command). Select the uploaded model in the 'model_choose' dropdown and click the '转换' (Convert) button. The application passes the selection to uvr, which instantiates Roformer_Loader; the loader calls torch.load on the .ckpt file, the payload is deserialized, and the embedded command runs with the privileges of the WebUI process.
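As an added example, not code from GPT-SoVITS-WebUI or its authors, the following Python shows why loading an attacker-controlled checkpoint as described above is code execution, and which checks stop it. torch.load is pickle underneath (wrapped in a zip container for modern checkpoints), so plain pickle stands in for it here and torch is not imported. The marker function _side_effect, the models directory, and the contents of the allowlist are assumptions made for the demo. It also goes slightly beyond the page: it confines the user-supplied model name to the models directory before the .ckpt suffix is appended, and it lists the globals a pickle references before loading it, which is a useful triage check for uploaded model files.

```python
"""Unsafe deserialization of a model checkpoint, and two mitigations.

Added example: pickle stands in for torch.load, which uses pickle internally.
_side_effect, ALLOWED_GLOBALS and the models directory are demo assumptions.
"""
import io
import os
import pickle
import pickletools
from collections import OrderedDict

EXECUTED = []  # records every call made during unpickling (proof of execution)


def _side_effect(tag):
    """Stand-in for os.system and friends: a real payload would run a shell here."""
    EXECUTED.append(tag)
    return tag


class MaliciousCheckpoint:
    """__reduce__ tells pickle to rebuild this object by CALLING a function.
    Both the callable and its arguments are attacker-chosen and run on load."""

    def __init__(self, tag):
        self.tag = tag

    def __reduce__(self):
        return (_side_effect, (self.tag,))


def build_legit_checkpoint():
    """Constructed state_dict-shaped checkpoint: an OrderedDict of plain floats."""
    return pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])]))


def build_malicious_checkpoint(tag):
    """Constructed attacker file: what the uploaded .ckpt would contain."""
    return pickle.dumps(MaliciousCheckpoint(tag))


def load_unsafe(data):
    """Equivalent of torch.load(path) with weights_only=False (pre-2.6 default)."""
    return pickle.loads(data)


# Mitigation 1: a restricted unpickler. This is the idea behind
# torch.load(..., weights_only=True); the allowlist here is a minimal stand-in
# for the tensor-rebuilding globals PyTorch permits.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"checkpoint references forbidden global {module}.{name}")


def load_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Mitigation 2 (triage): list the globals a pickle imports WITHOUT loading it.
# A weights file should only reference tensor/container constructors; anything
# like os.system or subprocess.Popen in this set is an immediate red flag.
def referenced_globals(data):
    found, strings = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocol <= 3: arg is "module name"
            found.add(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed as strings
            found.add(f"{strings[-2]}.{strings[-1]}")
        if isinstance(arg, str):
            strings.append(arg)
    return found


# Mitigation 3: confine the user's model_choose value to the models directory
# before the loader appends ".ckpt" (assumed directory layout).
def resolve_model_path(models_dir, model_choice):
    root = os.path.realpath(models_dir)
    candidate = os.path.realpath(os.path.join(root, model_choice + ".ckpt"))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"model_choose {model_choice!r} escapes {root}")
    return candidate


if __name__ == "__main__":
    evil = build_malicious_checkpoint("rce-marker")
    print("globals referenced by the upload:", referenced_globals(evil))
    print("unsafe load returned:", load_unsafe(evil), "| executed:", EXECUTED)
    try:
        load_restricted(evil)
    except pickle.UnpicklingError as exc:
        print("restricted loader rejected it:", exc)
```

In the project itself the direct fix is to call torch.load with weights_only=True (the default from PyTorch 2.6 onward), which applies PyTorch's own allowlist in the same way RestrictedUnpickler does above; scanning uploads with something like referenced_globals before they reach the loader, and keeping the WebUI process unprivileged, limit what a bypass or a missed call site can do.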

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.