Unrated severityNVD Advisory· Published Mar 19, 2025· Updated Mar 20, 2025

Applio allows unsafe deserialization in infer.py

CVE-2025-27778

Description

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release.

Affected products

Applio/Appliollm-create
Range: <=3.2.8-bugfix
IAHispano/Appliov5
Range: <= 3.2.8-bugfix

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/infer/infer.pymitrex_refsource_MISC
github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/inference/inference.pymitrex_refsource_MISC
github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/tts/tts.pymitrex_refsource_MISC
github.com/IAHispano/Applio/commit/16019befdcbbff0b264a5e30785feef4b70df8d9mitrex_refsource_MISC
github.com/IAHispano/Applio/commit/eb21d9dd349a6ae1a28c440b30d306eafba65097mitrex_refsource_MISC
securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000