Security Advisory

CVE-2025-27785

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-19 20:35:10
Last updated 2025-03-19 20:47:30
Assigner GitHub_M
State PUBLISHED

Description

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.pys `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.