CVE-2025-27783

High CVSS: 7.7

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of time of publication, no known patches are available.

Vendor

Applio

Product

Applio

CWE

CWE-22

Yayın Tarihi

2025-03-19 21:15:40

Güncelleme

2025-08-01 16:26:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Applio HIGH Applio 2025

Referanslar

https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/train/train.py#L212-L225 https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/train/train.py#L484-L491 https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/inference/inference.py#L295 https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/

Benzer Kayıtlar

High

CVE-2025-27781

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference…

High

CVE-2025-27782

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.p…

High

CVE-2025-27784

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `…

High

CVE-2025-27785

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `…

High

CVE-2025-27786

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py.…

High

CVE-2025-27787

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.…