5 matches found
CVE-2025-27781 Applio allows unsafe deserialization in inference.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input, e.g. a path to a model, and pass that value to the changechoices and later to getspeakersid...
PT-2025-11980 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior
Description: Applio is a voice conversion tool vulnerable to unsafe deserialization in infer.py. This issue can lead to remote code execution. A fix was available on the main branch of the Applio...
PT-2025-11965 · Applio +1 · Applio +1
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior
Description: Applio is a voice conversion tool. The issue concerns unsafe deserialization in the tool, specifically in the inference.py file. The model file variable in both inference.py and tts.py takes...
PT-2025-11981 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior
Description: Applio is a voice conversion tool vulnerable to unsafe deserialization in model blender.py, lines 20 and 21. The functions model fusion a and model fusion b from voice blender.py accept...
PT-2025-11977 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior
Description: Applio is a voice conversion tool vulnerable to server-side request forgery (SSRF) and file write within the model download.py file, line 143, in version 3.2.7. The SSRF allows sending requests on beha...