CVE-2025-27786
- EPSS 0.15%
- Published 19.03.2025 20:37:35
- Last modified 01.08.2025 16:12:56
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbitrary user input and passes it to `run_tts_script` function in core.py, which checks if the ...
CVE-2025-27785
- EPSS 0.12%
- Published 19.03.2025 20:35:10
- Last modified 01.08.2025 16:19:54
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction wi...
CVE-2025-27781
- EPSS 2.62%
- Published 19.03.2025 20:22:38
- Last modified 01.08.2025 16:35:50
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. `model_file` in inference.py as well as `model_file` in tts.py take user-supplied input (e.g. a path to a model) and pass tha...
CVE-2025-27780
- EPSS 2.51%
- Published 19.03.2025 20:16:31
- Last modified 01.08.2025 16:38:11
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the `r...