Cyber Resilience

CVE-2025-27786

Severity: High
Published: 19 March 2025
Modified: 01 August 2025
CVSS v4.0 score: 7.8 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0100 (77.4th percentile)
Risk priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-27786 is a high-severity Path Traversal (CWE-22) vulnerability in Applio Applio. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 22.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

Applio, an open-source voice conversion tool, is affected by an arbitrary file deletion vulnerability in versions 3.2.8-bugfix and earlier. The flaw stems from insufficient input validation in the text-to-speech workflow: tts.py accepts an attacker-controlled value for output_tts_path and forwards it to run_tts_script in core.py, which performs an existence check followed by an unconditional removal of the supplied path. This constitutes a classic path traversal issue tracked as CWE-22.

An unauthenticated remote attacker can supply an arbitrary filesystem path through the TTS interface and cause the application to delete any file the process has permission to remove, resulting in high-impact integrity and availability consequences without requiring user interaction.

The referenced GitHub Security Lab advisory (GHSL-2024-341) and the linked source files document the vulnerable code paths in detail. At the time of disclosure no official patches were available for the affected versions.

EPSS scores have remained low and stable near 0.01 with only a negligible peak, indicating limited observed exploitation interest to date.


Vulnerability details

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbitrary user input and passes it to the `run_tts_script` function in core.py, which checks if the path in `output_tts_path` exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1070.004 File Deletion (Stealth): Adversaries may delete files left behind by the actions of their intrusion activity.
Why these techniques?

Remote unauthenticated path traversal in public-facing TTS functionality directly enables exploitation of public-facing apps (T1190) and arbitrary file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-27782 (same product: Applio Applio)
- CVE-2025-27783 (same product: Applio Applio)
- CVE-2025-27785 (same product: Applio Applio)
- CVE-2025-27787 (same product: Applio Applio)
- CVE-2025-27778 (same product: Applio Applio)
- CVE-2025-27780 (same product: Applio Applio)
- CVE-2025-27779 (same product: Applio Applio)
- CVE-2025-27777 (same product: Applio Applio)
- CVE-2025-27781 (same product: Applio Applio)
- CVE-2025-27784 (same product: Applio Applio)

Affected Assets

- Vendor: applio
- Product: applio
- Versions: ≤ 3.2.8-bugfix

Mitigating Controls (NIST 800-53 r5)

- Prevent: SI-10 Information Input Validation. Directly prevents path traversal exploits by requiring validation of arbitrary user inputs such as output_tts_path before they are passed to file removal functions in core.py.
- Prevent: AC-6 Least Privilege. Mitigates the impact of arbitrary file deletion by enforcing least privilege on the application process, limiting its permission to delete sensitive or system files.
- Prevent: SI-2 Flaw Remediation. Addresses the root-cause vulnerability through timely flaw remediation, including patching the insecure path handling in tts.py and core.py.
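As an added example (not Applio's code and not taken from the GHSL advisory), the following Python sketch places the existence-check-then-remove pattern described in the Deeper analysis beside a hardened resolver that implements the SI-10 input-validation control listed above: the output name is validated, pinned under a single directory, and rejected on any escape before a filesystem call is made. The function names (`vulnerable_remove`, `resolve_output_path`, `safe_remove`, `demo`), the `assets/audios` directory and the extension allow-list are assumptions for this demo, not Applio's layout.

```python
"""Added example for CVE-2025-27786: unsafe remove vs. validated remove.
Names and directories here are constructed for the demo, not Applio's own."""
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".wav", ".mp3", ".flac"}  # constructed allow-list for TTS output


def vulnerable_remove(output_tts_path: str) -> bool:
    """Vulnerable pattern (as the advisory describes it): the supplied path is
    checked for existence and then removed as-is, so any file the process may
    delete is reachable through this argument."""
    if os.path.exists(output_tts_path):
        os.remove(output_tts_path)
        return True
    return False


def resolve_output_path(user_value: str, root: Path) -> Path:
    """Validate an output file name before it reaches any filesystem call.

    Rejects absolute paths, parent-directory components and unexpected
    extensions, then confirms the fully resolved path is still inside root.
    Raising on bad input (instead of silently rewriting it) keeps the
    decision visible to callers and to logging.
    """
    root = root.resolve()
    candidate = Path(user_value)
    if candidate.is_absolute():
        raise ValueError("absolute paths are not accepted")
    if any(part == ".." for part in candidate.parts):
        raise ValueError("parent-directory components are not accepted")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("unexpected file extension")
    resolved = (root / candidate).resolve()
    # resolve() follows symlinks, so a link inside root that points outside
    # is caught by this containment check as well.
    if root != resolved and root not in resolved.parents:
        raise ValueError("path escapes the output directory")
    return resolved


def is_accepted(user_value: str, root: Path) -> bool:
    """Boolean wrapper around the validator, handy for tests and logging."""
    try:
        resolve_output_path(user_value, root)
        return True
    except ValueError:
        return False


def safe_remove(user_value: str, root: Path) -> bool:
    """Remove a previous output only after validation succeeds."""
    target = resolve_output_path(user_value, root)
    if target.is_file():
        target.unlink()
        return True
    return False


def demo() -> dict:
    """Run both variants in a throwaway directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "assets" / "audios"          # constructed output directory
        root.mkdir(parents=True)
        (root / "old.wav").write_bytes(b"RIFF")    # stale TTS output, constructed
        outside_a = base / "config.ini"            # files outside the output dir
        outside_a.write_text("constructed=1")
        outside_b = base / "config2.ini"
        outside_b.write_text("constructed=2")

        # Unsafe variant: the caller's string is trusted, so the outside file goes.
        unsafe_deleted = vulnerable_remove(str(outside_a)) and not outside_a.exists()

        # Hardened variant: a traversal string is rejected before any I/O happens.
        try:
            safe_remove("../../config2.ini", root)
            rejected = False
        except ValueError:
            rejected = True

        own_output_removed = safe_remove("old.wav", root) and not (root / "old.wav").exists()

        return {
            "vulnerable_deleted_outside_file": unsafe_deleted,
            "hardened_rejected_traversal": rejected and outside_b.exists(),
            "hardened_removed_own_output": own_output_removed,
        }


if __name__ == "__main__":
    print(demo())
```

The containment check is done on the resolved path rather than on the string, so it also holds when the output directory itself is reached through a symlink; combined with running the service under an account that can only write to that directory (AC-6), a rejected or escaping path cannot touch anything else even if the validator is bypassed.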
