PT-2025-11977 · Applio · Applio

Published: 2025-03-19 · Updated: 2025-08-01 · CVE-2025-27775

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior

Description: Applio is a voice conversion tool vulnerable to server-side request forgery (SSRF) and file write in the model download.py file (line 143 in version 3.2.7). The SSRF allows sending requests on behalf of the Applio server, potentially enabling probing for other vulnerabilities on the server or on internal network systems accessible to the Applio server. The file write capability allows writing files on the server, which, in conjunction with other vulnerabilities such as unsafe deserialization, could lead to remote code execution on the Applio server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
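A defensive check for the download-and-write path this advisory describes, added here as an example and not taken from Applio: an allow-list of URL schemes, a check of every resolved address against loopback, private and link-local ranges (the SSRF side), and a filename check that pins the destination inside the models directory (the file-write side). All function names, the allowed suffixes and the injectable `resolver` parameter are assumptions made for this example.

```python
import ipaddress
import os
import socket
from urllib.parse import urlsplit

# Assumption: models are fetched only over HTTPS from public hosts.
ALLOWED_SCHEMES = {"https"}
ALLOWED_SUFFIXES = (".pth", ".index", ".zip")


def _is_internal(ip: str) -> bool:
    """True for loopback, RFC 1918, link-local (cloud metadata), etc."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:127.0.0.1 and friends
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def _default_resolver(host: str) -> set:
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_download_url(url: str, resolver=_default_resolver):
    """Return (ok, reason). `resolver` is injectable so the check runs offline."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        ips = resolver(parts.hostname)
    except (socket.gaierror, UnicodeError, ValueError):
        return False, "unresolvable host"
    if not ips or any(_is_internal(ip) for ip in ips):
        return False, "host resolves to an internal address"
    return True, "ok"


def safe_model_path(models_dir: str, filename: str):
    """Destination path inside models_dir, or None if the name is unsafe."""
    base = os.path.realpath(models_dir)
    if filename != os.path.basename(filename) or not filename.endswith(ALLOWED_SUFFIXES):
        return None  # path separators, '..' segments or unexpected file types
    dest = os.path.realpath(os.path.join(base, filename))
    return dest if os.path.dirname(dest) == base else None
```

Because a hostname can re-resolve between this check and the actual fetch, a production client should also connect to the address it validated rather than resolving the name a second time.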

Exploit · RCE · SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-27775

Affected Products: Applio