CVE-2025-27778 HIGH

CVE-2025-27778: Applio allows unsafe deserialization in infer.py

Vendor Iahispano
Product Applio
Weakness CWE-502 · Unsafe deserialization
Published March 19, 2025
Last update March 20, 2025

CVSS base score

8.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio repository but not attached to a numbered release.

Key dates

02Disclosure timeline

March 19, 2025 CVE published
March 20, 2025 Record updated