PT-2025-11982 · Applio · Applio

Sylwia Budzynska +1 · Published 2025-03-19 · Updated 2025-08-01 · CVE-2025-27782

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Applio versions 3.2.8-bugfix and prior

Description

The issue affects a voice conversion tool and may lead to writing arbitrary files on the server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. The vulnerable component is the inference.py file.

Recommendations

For versions 3.2.8-bugfix and prior, as a temporary workaround, consider restricting access to the inference.py file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-27782

Affected Products

Applio