
Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Independent research. No sponsors, no paywalls, no conflicts of interest.

Total tracked: 3,710
Last 24 hours: 1
Last 7 days: 1
Daily Briefing, Sunday, May 17, 2026

No new AI/LLM security issues were identified today.

Latest Intel

Page 265 of 371
01

CVE-2025-49746: Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

security
Jul 18, 2025

CVE-2025-49746 is a vulnerability in Azure Machine Learning where improper authorization (CWE-285, a flaw in how the system checks who is allowed to do what) allows someone who already has legitimate access to gain higher-level privileges over a network. This is categorized as a privilege escalation attack, where an authorized user exploits a weakness to gain permissions they shouldn't normally have.

NVD/CVE Database
02

CVE-2025-47995: Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

security
Jul 18, 2025

CVE-2025-47995 is a vulnerability in Azure Machine Learning that involves weak authentication (a system that doesn't properly verify user identity), allowing someone who already has some access to gain elevated privileges (higher-level permissions) over a network. The vulnerability has a CVSS 4.0 severity rating, though a full assessment from NIST has not yet been provided.

NVD/CVE Database
03

Llama 4 Series Vulnerability Assessment: Scout vs. Maverick

security, research
Jul 16, 2025

Meta's new Llama 4 models (Scout and Maverick) were tested for security vulnerabilities using Protect AI's Recon tool, which runs 450+ attack prompts across six categories including jailbreaks (attempts to make AI ignore safety rules), prompt injection (tricking an AI by hiding instructions in its input), and evasion (using obfuscation to hide malicious requests). Both models received medium-risk scores (Scout: 58/100, Maverick: 52/100), with Scout showing particular vulnerability to jailbreak attacks at 67.3% success rate, though Maverick demonstrated better overall resilience.

Protect AI Blog
04

CVE-2025-49841: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe de

security
Jul 15, 2025

GPT-SoVITS-WebUI, a tool for voice conversion and text-to-speech, has an unsafe deserialization vulnerability (CWE-502, a weakness where untrusted data is converted back into executable code) in versions 20250228v3 and earlier. The vulnerability exists in process_ckpt.py, where user input for a model file path is passed directly to torch.load without validation, allowing attackers to potentially execute arbitrary code. The vulnerability has a CVSS score (severity rating) of 8.9, indicating it is highly severe.

NVD/CVE Database
05

CVE-2025-49840: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe de

security
Jul 15, 2025

CVE-2025-49840 is an unsafe deserialization vulnerability (CWE-502, a security flaw where a program processes untrusted data without checking it first) in GPT-SoVITS-WebUI, a tool for voice conversion and text-to-speech. In versions 20250228v3 and earlier, the software unsafely loads user-provided model files using torch.load, allowing attackers to potentially execute malicious code. The vulnerability has a CVSS score (severity rating) of 8.9, indicating high risk.

NVD/CVE Database
06

CVE-2025-49839: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe de

security
Jul 15, 2025

GPT-SoVITS-WebUI, a tool for converting voices and generating speech from text, has a vulnerability in versions 20250228v3 and earlier where user input (like a file path) is passed directly to torch.load, a function that can execute malicious code when loading files. An attacker could exploit this by providing a specially crafted model file that runs unauthorized code on the system.

NVD/CVE Database
07

CVE-2025-49838: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe de

security
Jul 15, 2025

GPT-SoVITS-WebUI (a tool for converting voices and creating speech from text) has a vulnerability in versions 20250228v3 and earlier where user input for model file paths is passed unsafely to torch.load, a function that reads model files. This unsafe deserialization (loading files without proper security checks) could allow attackers to execute malicious code by providing a specially crafted model file.

NVD/CVE Database
08

CVE-2025-49837: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe de

security
Jul 15, 2025

GPT-SoVITS-WebUI, a tool for converting voices and generating speech from text, has an unsafe deserialization vulnerability (a flaw where untrusted data is converted back into code objects, potentially allowing attackers to run malicious code) in versions 20250228v3 and earlier. The vulnerability occurs because user-supplied file paths are directly passed to torch.load, a function that can execute arbitrary code during the deserialization process.

NVD/CVE Database
09

CVE-2025-53621: DSpace open source software is a repository application which provides durable access to digital resources. Two related

security
Jul 15, 2025

DSpace, an open-source application for storing and accessing digital files, has a vulnerability in versions before 7.6.4, 8.2, and 9.1 where it doesn't properly disable XML External Entity (XXE) injection, a technique where attackers embed malicious external entity declarations in XML files to read sensitive files or steal data from the server. The vulnerability affects both the command-line import tool and the web interface's batch import feature, but only administrators can trigger it by importing archive files.

Fix: The source explicitly states: 'The fix is included in DSpace 7.6.4, 8.2, and 9.1. Please upgrade to one of these versions.' For organizations unable to upgrade immediately, the source mentions: 'it is possible to manually patch the DSpace backend' and recommends administrators 'carefully inspect any SAF archives (they did not construct themselves) before importing' and 'affected external services can be disabled to mitigate the ability for payloads to be delivered via external service APIs.'

NVD/CVE Database
10

AI Safety Newsletter #59: EU Publishes General-Purpose AI Code of Practice

policy, safety
Jul 15, 2025

The EU published a General-Purpose AI Code of Practice in July 2025 to clarify how AI developers should comply with the EU AI Act's safety requirements, which had been ambiguously worded. The Code establishes a three-step framework for identifying, analyzing, and determining whether systemic risks (including CBRN threats, loss of control, cyber attacks, and harmful manipulation) are acceptable before deploying large AI models, along with requirements for continuous monitoring and incident reporting.

Fix: The EU General-Purpose AI Code of Practice provides a structured approach requiring GPAI providers to: (1) Identify potential systemic risks in four categories (CBRN, loss of control, cyber offense capabilities, and harmful manipulation), (2) Analyze each risk using model evaluations and third-party evaluators when necessary, (3) Determine whether risks are acceptable and implement safety and security mitigations if not, and (4) Conduct continuous monitoring after deployment with strict incident reporting timelines.

CAIS AI Safety Newsletter