CVE-2025-27777

Name of the Vulnerable Software and Affected Versions Applio versions 3.2.7 and prior

Description Applio is a voice conversion tool. The issue allows for server-side request forgery (SSRF) in model download.py, which can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network. The blind SSRF can also be coupled with an arbitrary file read to read files from hosts on the internal network.

Recommendations For versions 3.2.7 and prior, as a temporary workaround, consider disabling the model download.py function until a patch is available. Restrict access to the vulnerable model download.py module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.