CVE-2025-27784

Source
https://cve.org/CVERecord?id=CVE-2025-27784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27784
Published
2025-03-19T20:41:32.140Z
Modified
2026-04-10T05:25:06.995537Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
Applio allows arbitrary file read in train.py export_pth function
Details

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's export_pth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27784.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/iahispano/applio

Affected ranges

Type
GIT
Repo
https://github.com/iahispano/applio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.8-bugfix"
        }
    ]
}

Affected versions

3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.6
3.2.7
3.2.8-bugfix

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27784.json"