
We found results for “”
CVE-2025-27786
Good to know:

Date: March 19, 2025
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. "output_tts_path" in tts.py takes arbitrary user input and passes it to "run_tts_script" function in core.py, which checks if the path in "output_tts_path" exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22Top Fix

Upgrade Version
Upgrade to version https://github.com/IAHispano/Applio.git - null
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |