Cyber Posture

CVE-2025-27777

High

Published: 19 March 2025
Modified: 01 August 2025
KEV Added: not listed
Patch: none listed
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0026 (49.2nd percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-27777 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in Applio (vendor and product are both named Applio). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 49.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (input validation): Requires validation of user-supplied inputs, such as the URLs handled in model_download.py, to block malicious SSRF requests to internal systems.

prevent (SC-7 Boundary Protection): Implements boundary protections such as firewalls to restrict the Applio server's outbound access to internal network resources that are reachable via blind SSRF.

prevent (AC-4 Information Flow Enforcement): Enforces information flow policies to prevent unauthorized requests from the Applio server to backend systems during SSRF exploitation.
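The first control above, validating user-supplied download URLs, is the one that lives in application code. The following is an added example (not Applio's code and not taken from the advisory) of how a "download model from URL" endpoint can reject requests that would reach internal or loopback hosts: it restricts the scheme, rejects embedded credentials, resolves the hostname, and refuses any answer that is not a globally routable address, including IPv4-mapped IPv6 forms. The function names, the optional host allowlist, and the DNS table used for the offline demo are all constructed for this example.

```python
"""
Illustrative SSRF guard for a "download model from URL" feature.
Added example, not Applio's code. Function names, the allowlist and the
demo DNS table below are assumptions constructed for this demonstration.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# A resolver maps a hostname to the IP address strings it resolves to.
Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve a name with the OS resolver (both A and AAAA answers)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_ip(text: str) -> bool:
    """True only for globally routable unicast addresses.

    ipaddress.is_global is False for loopback, RFC 1918, link-local
    (169.254/16, fe80::/10), CGNAT (100.64/10), unspecified and
    documentation ranges, which is exactly the set an SSRF guard must block.
    """
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.1) so IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_download_url(url: str,
                       allowed_hosts: Optional[set[str]] = None,
                       resolver: Resolver = system_resolver) -> Optional[str]:
    """Return None if the URL may be fetched, otherwise a rejection reason."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return "missing host"
    host = host.lower().rstrip(".")
    if allowed_hosts is not None and host not in allowed_hosts:
        return "host not in allowlist"
    # IP literals are checked directly; names are resolved and every
    # answer is checked, so a name with one internal record is rejected.
    try:
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        try:
            addrs = list(resolver(host))
        except (socket.gaierror, OSError):
            return "host does not resolve"
        if not addrs:
            return "host does not resolve"
    for addr in addrs:
        if not is_public_ip(addr):
            return f"resolves to non-public address {addr}"
    return None


# Constructed DNS table so the demo runs offline; these are not real records.
DEMO_DNS = {
    "models.example.com": ["1.1.1.1"],
    "rebind.example.com": ["1.1.1.1", "10.0.0.5"],  # one answer is internal
}


def demo_resolver(host: str) -> list[str]:
    """Offline stand-in for system_resolver backed by DEMO_DNS."""
    return DEMO_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in ("https://models.example.com/model.pth",
                      "http://127.0.0.1:5000/",
                      "http://[::ffff:10.0.0.1]/",
                      "http://169.254.169.254/latest/",
                      "https://rebind.example.com/model.pth",
                      "file:///etc/hosts"):
        print(candidate, "->", check_download_url(candidate, resolver=demo_resolver) or "ok")
```

The check must be applied at fetch time, not once at submission: connect to the address that passed validation rather than re-resolving the name, and either disable HTTP redirects or re-run `check_download_url` on every redirect target, since a redirect from an allowed host can otherwise point the server back at an internal address.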

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

Why these techniques?

An SSRF in a public-facing web application is exploited directly via T1190; a blind SSRF additionally enables internal port scanning and service discovery, which is T1046.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network that the Applio server can reach. The blind SSRF can also be coupled with an arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available.

Deeper analysis

CVE-2025-27777 is a server-side request forgery (SSRF) vulnerability in Applio, an open-source voice conversion tool. Versions 3.2.7 and prior are affected, with the flaw located in the `model_download.py` file at line 195. This blind SSRF allows attackers to force the Applio server to send requests on their behalf, as documented in the CVE description and referenced GitHub code locations including `assets/flask/routes.py` and `tabs/download/download.py`. The vulnerability is rated 7.5 (High) under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-918.

Any unauthenticated attacker with network access to the Applio server can exploit this blind SSRF to probe for other vulnerabilities on the server itself or on backend systems reachable by the Applio server within the internal network. Exploitation enables port scanning, service discovery, or chaining with other issues, such as the arbitrary file read in CVE-2025-27784, to achieve full SSRF and read files from internal hosts accessible to the server.

The GitHub Security Lab advisory (GHSL-2024-341_GHSL-2024-353_Applio) details the issue but notes that, as of publication on 2025-03-19, no patches are available for this vulnerability. Security practitioners should monitor the Applio repository for updates and consider network segmentation or disabling the affected model download functionality until remediation is released.

Details

CWE(s): CWE-918 (Server-Side Request Forgery)

Affected Products

Vendor: applio
Product: applio
Versions: ≤ 3.2.7

CVEs Like This One

CVE-2025-27778 (same product: Applio Applio)
CVE-2025-27782 (same product: Applio Applio)
CVE-2025-27780 (same product: Applio Applio)
CVE-2025-27785 (same product: Applio Applio)
CVE-2025-27781 (same product: Applio Applio)
CVE-2025-27783 (same product: Applio Applio)
CVE-2025-27786 (same product: Applio Applio)
CVE-2025-27779 (same product: Applio Applio)
CVE-2025-27787 (same product: Applio Applio)
CVE-2025-27784 (same product: Applio Applio)
