CVE-2025-27786

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbitrary user input and passes it to `run_tts_script` function in core.py, which checks if the path in `output_tts_path` exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/core.py#L329	Product
https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/tts/tts.py#L133	Product
https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:applio:applio:*:*:*:*:*:*:*:*

History

01 Aug 2025, 16:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:applio:applio::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
First Time		Applio applio Applio
References	~~() https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/core.py#L329 -~~	() https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/core.py#L329 - Product
References	~~() https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/tts/tts.py#L133 -~~	() https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/tts/tts.py#L133 - Product
References	~~() https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/ -~~	() https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/ - Vendor Advisory
Summary		(es) Applio es una herramienta de conversión de voz. Las versiones 3.2.8 (corrección de errores) y anteriores son vulnerables a la eliminación arbitraria de archivos en core.py. La función `output_tts_path` de tts.py toma la entrada arbitraria del usuario y la pasa a la función `run_tts_script` de core.py, que comprueba si la ruta en `output_tts_path` existe y, de ser así, la elimina, lo que provoca la eliminación arbitraria de archivos. Al momento de la publicación, no se conocían parches disponibles.

19 Mar 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 21:15

Updated : 2025-08-01 16:12

NVD link : CVE-2025-27786

Mitre link : CVE-2025-27786

CVE.ORG link : CVE-2025-27786

JSON object : View

Products Affected

applio

applio

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.1 /10