icon

We found results for “

CVE-2025-27786

Good to know:

icon

Date: March 19, 2025

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. "output_tts_path" in tts.py takes arbitrary user input and passes it to "run_tts_script" function in core.py, which checks if the path in "output_tts_path" exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/IAHispano/Applio.git - null

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us