VYPR
Critical severity9.1NVD Advisory· Published Mar 19, 2025· Updated Jun 17, 2026

CVE-2025-27786

CVE-2025-27786

Description

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. output_tts_path in tts.py takes arbitrary user input and passes it to run_tts_script function in core.py, which checks if the path in output_tts_path exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitHub/Appliollm-create
    Range: <=3.2.8-bugfix
  • Applio/Appliollm-fuzzy
    Range: <=3.2.8-bugfix
  • IAHispano/Appliov5
    Range: <= 3.2.8-bugfix

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.