Cyber Resilience

CVE-2025-27777

Severity: High
Published: 19 March 2025
Modified: 01 August 2025
KEV Added: not listed
Patch: none listed
CVSS v4 score: 7.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0026 (49.6th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-27777 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in Applio (vendor: Applio). Its CVSS v4 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 49.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-27777 is a server-side request forgery (SSRF) vulnerability in Applio, an open-source voice conversion tool. Versions 3.2.7 and prior are affected, with the flaw located in the `model_download.py` file at line 195. This blind SSRF allows attackers to force the Applio server to send requests on their behalf, as documented in the CVE description and referenced GitHub code locations including `assets/flask/routes.py` and `tabs/download/download.py`. The vulnerability is rated 7.5 (High) under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-918.

Any unauthenticated attacker with network access to the Applio server can exploit this blind SSRF to probe for other vulnerabilities on the server itself or on backend systems reachable by the Applio server within the internal network. Exploitation enables port scanning, service discovery, or chaining with other issues, such as the arbitrary file read in CVE-2025-27784, to achieve full SSRF and read files from internal hosts accessible to the server.

The GitHub Security Lab advisory (GHSL-2024-341_GHSL-2024-353_Applio) details the issue but notes that, as of publication on 2025-03-19, no patches are available for this vulnerability. Security practitioners should monitor the Applio repository for updates and consider network segmentation or disabling the affected model download functionality until remediation is released.

Vulnerability details

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network that the Applio server can reach. The blind SSRF can also be coupled with an arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available.

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

Why these techniques?

An SSRF in a public-facing web application is exploited directly via T1190; the blind SSRF then enables internal port scanning and service discovery (T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-27778 (same product: Applio)
- CVE-2025-27780 (same product: Applio)
- CVE-2025-27779 (same product: Applio)
- CVE-2025-27786 (same product: Applio)
- CVE-2025-27781 (same product: Applio)
- CVE-2025-27782 (same product: Applio)
- CVE-2025-27785 (same product: Applio)
- CVE-2025-27787 (same product: Applio)
- CVE-2025-27783 (same product: Applio)
- CVE-2025-27784 (same product: Applio)

Affected Assets

Vendor: applio
Product: applio
Versions: ≤ 3.2.7

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

- prevent (input validation): Requires validation of user-supplied inputs such as URLs in `model_download.py` to block malicious SSRF requests to internal systems.
- prevent (SC-7 Boundary Protection): Implements boundary protections such as firewalls to restrict the Applio server's outbound access to internal network resources reachable via blind SSRF.
- prevent (AC-4 Information Flow Enforcement): Enforces information flow policies to prevent unauthorized requests from the Applio server to backend systems during SSRF exploitation.
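A defensive validator for user-supplied model download URLs, of the kind the input-validation control above calls for, as an added example (not Applio's code and not a patch for this CVE); the allowlist host and the addresses used in testing are constructed, and the `resolver` parameter is a hypothetical injection point so the check can run offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for illustration (hypothetical, not from Applio);
# a deployment would list only the model hosts it actually trusts.
ALLOWED_HOSTS = {"huggingface.co"}


class UnsafeUrl(ValueError):
    """Raised when a model URL fails the SSRF checks."""


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_model_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=socket.getaddrinfo):
    """Return the URL if it is safe to fetch server-side, else raise UnsafeUrl."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeUrl("scheme must be http(s), got %r" % parts.scheme)
    if parts.username or parts.password:
        # user:pass@host forms hide the real host behind an allowed-looking name
        raise UnsafeUrl("credentials in URL are not allowed")
    host = parts.hostname
    if not host or host.lower().rstrip(".") not in allowed_hosts:
        raise UnsafeUrl("host not in allowlist: %r" % host)
    # An allowlisted name can still resolve to an internal address (stale or
    # rebinding DNS, misconfiguration), so every resolved address must be public.
    try:
        addrs = {info[4][0] for info in resolver(host, None)}
    except socket.gaierror as exc:
        raise UnsafeUrl("cannot resolve %r: %s" % (host, exc))
    for addr in addrs:
        if not is_public_ip(addr):
            raise UnsafeUrl("%r resolves to non-public %s" % (host, addr))
    return parts.geturl()


def is_safe_model_url(url, **kwargs):
    """Boolean wrapper around validate_model_url for callers that only branch."""
    try:
        validate_model_url(url, **kwargs)
        return True
    except UnsafeUrl:
        return False
```

Checking resolved addresses at validation time still leaves a window before the actual fetch (DNS can change in between), so pair this with the SC-7 egress restriction above or connect only to the address that was checked.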
