Cyber Resilience

CVE-2025-27782

Severity: High · Public PoC

Published: 19 March 2025
Modified: 01 August 2025
KEV Added: not listed
Patch: none available at disclosure
CVSS Score (v4): 7.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.1536 (94.8th percentile)
Risk Priority: 25 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27782 is a high-severity Path Traversal (CWE-22) vulnerability in Applio (vendor Applio). Its CVSS base score is 7.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Applio, an open-source voice conversion tool, is affected by an arbitrary file write vulnerability in versions 3.2.8-bugfix and earlier. The flaw, classified as CWE-22 (path traversal), resides in inference.py and permits writing to arbitrary paths on the server; the same code paths can be chained with unsafe deserialization to obtain remote code execution. The issue carries a CVSS 4.0 score of 7.7 with a network attack vector and no required authentication or user interaction.

An unauthenticated attacker can send crafted requests directly to the inference endpoints, causing the application to write attacker-controlled content to any location on the underlying filesystem. Successful exploitation can therefore corrupt configuration files, overwrite application code, or stage malicious payloads that lead to full remote code execution when combined with the deserialization weakness.

Public references, including the GitHub Security Lab advisory GHSL-2024-341, confirm the vulnerable code locations but state that no patches were available at the time of disclosure. The EPSS score has remained in the 0.15–0.19 range without a pronounced post-disclosure climb.

Vulnerability details

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of time of publication, no known patches are available.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.006 Python (Execution): Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

The vulnerability is a critical unauthenticated arbitrary file write in a public-facing Applio server application that chains with unsafe deserialization to enable RCE. That maps directly to T1190 for the initial exploitation and to T1059.006 for the resulting Python-based command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-27783 (same product: Applio)
- CVE-2025-27786 (same product: Applio)
- CVE-2025-27780 (same product: Applio)
- CVE-2025-27779 (same product: Applio)
- CVE-2025-27781 (same product: Applio)
- CVE-2025-27785 (same product: Applio)
- CVE-2025-27787 (same product: Applio)
- CVE-2025-27778 (same product: Applio)
- CVE-2025-27777 (same product: Applio)
- CVE-2025-27784 (same product: Applio)

Affected Assets

Vendor: applio
Product: applio
Versions: ≤ 3.2.8-bugfix

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

- SI-10 Information Input Validation (prevent): Validates information inputs to inference.py and tts.py to block arbitrary file paths and prevent CWE-22 arbitrary file writes.
- SI-2 Flaw Remediation (prevent): Establishes a risk-based process to identify, prioritize, and remediate the specific arbitrary file write flaw in Applio versions 3.2.8-bugfix and prior.
- AC-6 Least Privilege (prevent): Enforces least privilege on the Applio process to restrict the scope and impact of arbitrary file writes, preventing writes to sensitive locations.
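As an added illustration of the input-validation control (SI-10) described above, and not code from Applio or from this advisory, the following Python confines a request-supplied output path to a single directory before anything is written. OUTPUT_ROOT and the sample request paths are constructed for the example.

```python
"""Confine a caller-supplied output path to one directory (CWE-22 mitigation)."""
import os

# Constructed root for this example; a deployment would use its own directory.
OUTPUT_ROOT = "/srv/applio/outputs"


class PathTraversalError(ValueError):
    """Raised when a caller-supplied path resolves outside the permitted root."""


def resolve_under_root(user_path: str, root: str = OUTPUT_ROOT) -> str:
    """Return the absolute target for user_path, or raise PathTraversalError.

    The check runs on the fully resolved path, so '..' segments, symlinks and
    prefix look-alikes such as '/srv/applio/outputs2' are all rejected; a plain
    startswith() on the raw string would miss the last two.
    """
    if not user_path or os.path.isabs(user_path):
        raise PathTraversalError(f"absolute or empty path rejected: {user_path!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # commonpath compares whole components, so root_real + "2" does not match.
    if candidate == root_real or os.path.commonpath([root_real, candidate]) != root_real:
        raise PathTraversalError(f"path escapes {root!r}: {user_path!r}")
    return candidate


def classify(paths):
    """Map each request path to 'allowed' or 'rejected' using resolve_under_root."""
    verdicts = {}
    for path in paths:
        try:
            resolve_under_root(path)
            verdicts[path] = "allowed"
        except PathTraversalError:
            verdicts[path] = "rejected"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inputs: one benign name and three that must be refused.
    sample = ["speaker1/take3.wav", "../../etc/cron.d/job", "/etc/passwd", "../outputs2/x.wav"]
    for path, verdict in classify(sample).items():
        print(f"{verdict:8} {path}")
```

The same resolve-then-compare check applies to any other filename parameter the inference or TTS endpoints accept, and it should run before the file handle is opened, not after.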

References