AI Sec Watch

CVT-2025-49840 is an unsafe deserialization vulnerability (CWE-502, a security flaw where a program processes untrusted data without checking it first) in GPT-SoVITS-WebUI, a tool for voice conversion and text-to-speech. In versions 20250228v3 and earlier, the software unsafely loads user-provided model files using torch.load, allowing attackers to potentially execute malicious code. The vulnerability has a CVSS score (severity rating) of 8.9, indicating high risk.

GPT-SoVITS-WebUI, a tool for converting voices and generating speech from text, has a vulnerability in versions 20250228v3 and earlier where user input (like a file path) is passed directly to torch.load, a function that can execute malicious code when loading files. An attacker could exploit this by providing a specially crafted model file that runs unauthorized code on the system.

GPT-SoVITS-WebUI (a tool for converting voices and creating speech from text) has a vulnerability in versions 20250228v3 and earlier where user input for model file paths is passed unsafely to torch.load, a function that reads model files. This unsafe deserialization (loading files without proper security checks) could allow attackers to execute malicious code by providing a specially crafted model file.

GPT-SoVITS-WebUI, a tool for converting voices and generating speech from text, has an unsafe deserialization vulnerability (a flaw where untrusted data is converted back into code objects, potentially allowing attackers to run malicious code) in versions 20250228v3 and earlier. The vulnerability occurs because user-supplied file paths are directly passed to torch.load, a function that can execute arbitrary code during the deserialization process.

DSpace, an open-source application for storing and accessing digital files, has a vulnerability in versions before 7.6.4, 8.2, and 9.1 where it doesn't properly disable XML External Entity (XXE) injection, a technique where attackers embed malicious code in XML files to read sensitive files or steal data from the server). The vulnerability affects both the command-line import tool and the web interface's batch import feature, but only administrators can trigger it by importing archive files.

The EU published a General-Purpose AI Code of Practice in July 2025 to clarify how AI developers should comply with the EU AI Act's safety requirements, which had been ambiguously worded. The Code establishes a three-step framework for identifying, analyzing, and determining whether systemic risks (including CBRN threats, loss of control, cyber attacks, and harmful manipulation) are acceptable before deploying large AI models, along with requirements for continuous monitoring and incident reporting.

In Q2 2025, attackers exploited GPT-4.1 by embedding malicious hidden instructions within tool descriptions, a technique called tool poisoning (hiding harmful prompts inside the text that describes what a tool does). When the AI interacted with these poisoned tools, it unknowingly executed unauthorized actions and leaked sensitive data without the user's knowledge.

A ReDoS (regular expression denial of service, where carefully designed text input causes a regex pattern to consume excessive CPU) vulnerability was found in the Hugging Face Transformers library's DonutProcessor class, affecting versions 4.50.3 and earlier. The vulnerable regex pattern can be exploited through crafted input strings to cause the system to slow down or crash, disrupting document processing tasks that use the Donut model.

A WordPress plugin called 'Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery' has a vulnerability called Stored Cross-Site Scripting (XSS, where an attacker can hide malicious code in a webpage that runs when others view it) in versions up to 26.0.8. Attackers with Author-level permissions or higher can inject harmful scripts through the upload title field because the plugin doesn't properly clean and secure user input.