CVE-2025-27785

Source
https://cve.org/CVERecord?id=CVE-2025-27785
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27785.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27785
Published
2025-03-19T20:35:10.662Z
Modified
2026-04-10T05:25:06.991224Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
Applio allows arbitrary file read in train.py export_index function
Details

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in the export_index function of train.py. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of the time of publication, no known patches are available.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27785.json",
    "cwe_ids": [
        "CWE-200",
        "CWE-22"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/iahispano/applio

Affected ranges

Type
GIT
Repo
https://github.com/iahispano/applio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.8-bugfix"
        }
    ]
}

Affected versions

3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.6
3.2.7
3.2.8-bugfix

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27785.json"