CVE-2025-27778
- Source
- https://cve.org/CVERecord?id=CVE-2025-27778
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27778.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-27778
- Published
- 2025-03-19T20:42:19.866Z
- Modified
- 2025-12-02T08:09:35.904030Z
- Severity
-
- 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Applio allows unsafe deserialization in infer.py
- Details
-
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in
infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on themainbranch of the Applio repository but not attached to a numbered release. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27778.json", "cwe_ids": [ "CWE-502" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27778.json
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/infer/infer.py#L464
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/inference/inference.py#L338-L345
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/tts/tts.py#L50-L57
- https://github.com/IAHispano/Applio/commit/16019befdcbbff0b264a5e30785feef4b70df8d9
- https://github.com/IAHispano/Applio/commit/eb21d9dd349a6ae1a28c440b30d306eafba65097
- https://nvd.nist.gov/vuln/detail/CVE-2025-27778
- https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/
Affected packages
Git / github.com/iahispano/applio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/iahispano/applio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed