CVE-2025-27784

High CVSS: 7.7

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.

Vendor

Applio

Product

Applio

CWE

CWE-200

Yayın Tarihi

2025-03-19 21:15:40

Güncelleme

2025-08-01 16:24:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Applio HIGH Applio 2025

Referanslar

https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/train/train.py#L267 https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/train/train.py#L801 https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/

Benzer Kayıtlar

High

CVE-2025-27781

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference…

High

CVE-2025-27782

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.p…

High

CVE-2025-27783

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. T…

High

CVE-2025-27785

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `…

High

CVE-2025-27786

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py.…

High

CVE-2025-27787

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.…