CVE-2025-27778

moderate-risk
Published 2025-03-19

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio repository but not attached to a numbered release.

Do I need to act?

~
5.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 16019befdcbbff0b264a5e30785feef4b70df8d9, eb21d9dd349a6ae1a28c440b30d306eafba65097
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Applio

References (6)

Product https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb297...
Product https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb297...
Product https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb297...
Patch https://github.com/IAHispano/Applio/commit/16019befdcbbff0b264a5e30785feef4b70df...
Patch https://github.com/IAHispano/Applio/commit/eb21d9dd349a6ae1a28c440b30d306eafba65...
Vendor Advisory https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal