CVE-2025-27783

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-27783
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27783.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27783
Published
2025-03-19T20:41:41.214Z
Modified
2026-04-10T05:25:06.997383Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Applio allows arbitrary file write in train.py
Details

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of time of publication, no known patches are available.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27783.json"
}
References

Affected packages

Git / github.com/iahispano/applio

Affected ranges

Type
GIT
Repo
https://github.com/iahispano/applio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92ac552f97ee8b5697eef35350693ab3b1ecce
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.8-bugfix"
        }
    ]
}

Affected versions

3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.6
3.2.7
3.2.8-bugfix

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27783.json"