CVE-2025-27778

Critical CVSS 9.8

Overview

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio repository but not attached to a numbered release.

CWE: CWE-502 Published: 2025-03-19T21:15:39.727

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: deserialization, rce (tag impact: VERY HIGH)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags