PT-2025-11964 · Applio+1

Sylwia Budzynska +1 · Published 2025-03-19 · Updated 2025-08-01 · CVE-2025-27780

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior

Description: Applio is a voice conversion tool vulnerable to unsafe deserialization in the model_information.py file. The model_name variable in model_information.py accepts user-supplied input, such as a path to a model, and passes this value to the run_model_information_script and subsequently to the model_information function. This function loads the model using torch.load (located on line 16 in version 3.2.8-bugfix), which is susceptible to unsafe deserialization. This issue can potentially lead to remote code execution.

Recommendations: Applio versions prior to 3.2.8-bugfix: Update to the latest version or apply the patch available in the main branch of the repository.
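
The load described above is unsafe because pickle-based deserialization resolves and calls whatever global the file names. As an added example (not Applio's code or its patch), the standard-library code below shows the allowlist approach that torch.load's weights_only=True option applies to checkpoints; ALLOWED_GLOBALS, safe_load, check and both sample inputs are constructed for illustration.

```python
import io
import pickle
import time
from collections import OrderedDict

# Assumed allowlist for this example: the only global a plain metadata dict needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Deserialize bytes, resolving only allowlisted globals."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed stand-in for a tampered model file: a plain pickle.load
    would call the function the file names (here the harmless time.time)."""

    def __reduce__(self):
        return (time.time, ())


def check(data: bytes) -> str:
    """Return 'loaded' or the reason the stream was rejected."""
    try:
        safe_load(data)
        return "loaded"
    except pickle.UnpicklingError as exc:
        return str(exc)


# Constructed sample inputs (not real Applio checkpoints).
BENIGN = pickle.dumps(OrderedDict(epoch=10, sr=40000))
TAMPERED = pickle.dumps({"weights": CallsOnLoad()})

if __name__ == "__main__":
    print("benign:  ", check(BENIGN))
    print("tampered:", check(TAMPERED))
```

The tampered stream is rejected at the point where the callable would be resolved, so nothing it references is ever invoked.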

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2025-27780

Affected Products: Applio, Torch