Critical severity9.1NVD Advisory· Published Mar 19, 2025· Updated Jun 17, 2026
CVE-2025-27786
CVE-2025-27786
Description
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. output_tts_path in tts.py takes arbitrary user input and passes it to run_tts_script function in core.py, which checks if the path in output_tts_path exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- IAHispano/Appliov5Range: <= 3.2.8-bugfix
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.