Home > Vulnerability Database > CVE-2025-27782

Mend.io Vulnerability Database

CVE-2025-27782

Good to know:

Date: March 19, 2025

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of time of publication, no known patches are available.

Severity Score

9.8

Related Resources (7)

Url: https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/inference/inference.py#L1632-L1645

Url: https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/inference/inference.py#L295

Url: https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/tts/tts.py#L309-L322

Url: https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/inference/inference.py#L989-L1002

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27782

Url: https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/

Url: https://www.mend.io/vulnerability-database/CVE-2025-27782

Severity Score

9.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version https://github.com/IAHispano/Applio.git - no_fix

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27782

Good to know:

Date: March 19, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?