CVE-2025-27777 HIGH

CVE-2025-27777: Applio allows SSRF and file write in model_download.py

Vendor Iahispano
Product Applio
Weakness CWE-918 · SSRF
Published March 19, 2025
Last update March 20, 2025
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with a arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available.

Key dates

02Disclosure timeline

March 19, 2025 CVE published
March 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-44578 Next.js: Server-side request forgery in applications using WebSocket upgrades CVE-2026-45061 Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`) CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality CVE-2023-43654 TorchServe Server-Side Request Forgery CVE-2026-3750 ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery