CVE-2025-27780 in Applio
Summary
by MITRE • 03/19/2025
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the `run_model_information_script` and later to the `model_information` function, which loads that model with `torch.load` in rvc/train/process/model_information.py (on line 16 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available in the `main` branch of the repository.
Analysis
by VulDB Data Team • 08/01/2025
The vulnerability identified as CVE-2025-27780 affects Applio, a voice conversion tool that enables users to manipulate and transform audio voices through machine learning models. This security flaw exists in versions 3.2.8-bugfix and earlier, representing a critical unsafe deserialization vulnerability that can be exploited to achieve remote code execution. The vulnerability stems from improper input validation and handling within the model_information.py module, where user-supplied paths are directly processed without adequate sanitization or security checks.
The technical implementation of this vulnerability occurs when the application processes user-provided model names through the model_information.py file. Specifically, the `model_name` parameter accepts user input representing a file path to a model, which is then passed to the `run_model_information_script` function and subsequently to the `model_information` function. This chain of function calls leads to the execution of `torch.load` in the rvc/train/process/model_information.py file at line 16 within the affected version. The `torch.load` function, when processing maliciously crafted model files, can execute arbitrary code due to its inability to properly validate and sanitize the input data structure, creating a direct pathway for attackers to inject and execute malicious payloads.
The operational impact of this vulnerability extends beyond simple code execution, as it allows remote attackers to gain full control over the affected system. Attackers can leverage this vulnerability to execute arbitrary commands on the target system, potentially leading to complete system compromise, data exfiltration, or further lateral movement within a network. The vulnerability's remote exploitability means that attackers do not require physical access or local privileges to exploit the flaw, making it particularly dangerous in environments where the application is exposed to untrusted networks or users. The unsafe deserialization aspect of this vulnerability aligns with CWE-502, which specifically addresses deserialization of untrusted data, and represents a significant risk in machine learning applications where model files are frequently exchanged and processed.
The security implications of CVE-2025-27780 can be analyzed through the lens of the MITRE ATT&CK framework, where this vulnerability maps to techniques such as T1059.001 for Command and Scripting Interpreter and T1203 for Exploitation for Client Execution. The vulnerability's exploitation pathway follows a typical attack pattern where initial access is gained through the insecure deserialization mechanism, followed by privilege escalation and lateral movement. Organizations using Applio should immediately implement mitigations including applying the patch available in the main branch of the repository, implementing strict input validation for model paths, and considering network segmentation to limit exposure. Additional defensive measures should include monitoring for unusual file access patterns and implementing least privilege principles for the application's execution environment, as the vulnerability could potentially be exploited to gain unauthorized access to sensitive data or system resources.
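One way to vet a model file before it reaches `torch.load`, as an added example (not Applio's code or its patch): it lists the imports a checkpoint's pickle stream would perform, without unpickling it, and reports any outside an allowlist. The `ALLOWED` set and the function names are assumptions made for this sketch, and only the Python standard library is used.

```python
import io
import pickletools
import zipfile
from pathlib import Path

# Assumption: top-level modules a weights-only checkpoint may reference.
ALLOWED = {"collections", "torch", "numpy"}

def pickle_imports(data):
    """Collect module.name imports from pickle opcodes without unpickling."""
    found, recent, memo = set(), [], {}
    try:
        for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
            if op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
                key = len(memo) if arg is None else arg
                memo[key] = recent[-1] if recent else None
                continue
            pushed = None
            if op.name in ("GLOBAL", "INST"):    # arg is "module name"
                found.add(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":      # module and name sit on the stack
                pair = recent[-2:]
                ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                found.add(".".join(pair) if ok else "<unresolved>")
            elif op.name in ("GET", "BINGET", "LONG_BINGET"):
                pushed = memo.get(arg)
            elif isinstance(arg, str):           # a string constant was pushed
                pushed = arg
            recent.append(pushed)
    except Exception:                            # malformed stream: fail closed
        found.add("<unparsed>")
    return found

def disallowed_imports(path):
    """Imports outside ALLOWED in a checkpoint file; non-empty means reject."""
    if zipfile.is_zipfile(path):                 # zip container from torch.save
        with zipfile.ZipFile(path) as zf:
            blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:                                        # bare pickle stream
        blobs = [Path(path).read_bytes()]
    imports = set().union(*map(pickle_imports, blobs)) if blobs else {"<no pickle>"}
    return {i for i in imports if i.split(".")[0] not in ALLOWED}

if __name__ == "__main__":
    import pickle, platform
    # Constructed samples: a plain dict, then a stream that names platform.node.
    print(pickle_imports(pickle.dumps({"weight": [0.1, 0.2]})))
    print(pickle_imports(pickle.dumps(platform.node)))
```

A check like this complements the patched release rather than replacing it; PyTorch's own `torch.load(path, weights_only=True)` restricts what the unpickler may construct at load time.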