CVE-2025-27775

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27775

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27775.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27775

Published

2025-03-19T20:42:47.335Z

Modified

2026-04-10T05:25:07.014312Z

Severity

8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

Applio allows SSRF and file write in model_download.py

Details

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27775.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ]
}

References

Affected packages

Git / github.com/iahispano/applio

Affected ranges

Type

GIT

Repo

https://github.com/iahispano/applio

Events

Introduced

Last affected

29b4a00e4be209f9aac51cd9ccffcc632dfb2973

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.7"
        }
    ]
}

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.6

3.2.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27775.json"