CVE-2025-27786
EUVD-2025-679619.03.2025, 21:15
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbitrary user input and passes it to `run_tts_script` function in core.py, which checks if the path in `output_tts_path` exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| applio | applio | 𝑥 ≤ 3.2.8-bugfix |
𝑥
= Vulnerable software versions