PT-2025-11982 · Applio · Applio

Sylwia Budzynska +1 · Published 2025-03-19 · Updated 2025-08-01 · CVE-2025-27782

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior

Description: The issue affects a voice conversion tool and may lead to writing arbitrary files on the server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. The vulnerable component is the inference.py file.

Recommendations: For versions 3.2.8-bugfix and prior, as a temporary workaround, consider restricting access to the inference.py file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Weakness Enumeration

Related identifiers

CVE-2025-27782

Affected products

Applio