CVE-2025-27783

Name of the Vulnerable Software and Affected Versions Applio versions 3.2.8-bugfix and prior

Description The issue affects a voice conversion tool, allowing for arbitrary file write in the train.py file. This can lead to writing arbitrary files on the server and potentially achieve remote code execution when combined with unsafe deserialization.

Recommendations For versions 3.2.8-bugfix and prior, as a temporary workaround, consider restricting access to the train.py file until a patch is available. Avoid using the vulnerable function in conjunction with unsafe deserialization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.