Cyber Posture

CVE-2025-27780

Critical

Published: 19 March 2025

Modified: 01 August 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1349 94.2th percentile
Risk Priority 28 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse Python commands and scripts for execution.

Security Summary

CVE-2025-27780 is an unsafe deserialization vulnerability (CWE-502) in Applio, an open-source voice conversion tool. Versions 3.2.8-bugfix and prior are affected due to improper handling of user-supplied input in model_information.py. The model_name parameter accepts input such as a path to a model file, which is passed to run_model_information_script and then to the model_information function. This function loads the model using torch.load on line 16 of rvc/train/process/model_information.py, enabling unsafe deserialization.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Unauthenticated attackers can exploit it over the network with low complexity and no user interaction, achieving remote code execution on the target system.

A patch addressing the issue is available in the main branch of the Applio GitHub repository via commit 11d139508d615a6db4d48b76634a443c66170dda. The GitHub Security Lab advisory (GHSL-2024-341_GHSL-2024-353_Applio) provides further details on the flaw and remediation.

Applio uses PyTorch for loading machine learning models in voice conversion workflows, underscoring deserialization risks in AI/ML applications handling untrusted model files. No public evidence of real-world exploitation is available.
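
A pre-load check for the pattern described above, as an added example (not Applio's code and not the upstream patch): it lists the globals a checkpoint's pickle stream would import, without unpickling it, and reports anything off an allowlist. The allowlist entries and both sample pickles are constructed assumptions; the sample `__reduce__` only references the harmless builtin `len`.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumption: the only globals a weights-only checkpoint needs; extend per model.
ALLOWED_GLOBALS = {("collections", "OrderedDict"),
                   ("torch._utils", "_rebuild_tensor_v2"),
                   ("torch", "FloatStorage"), ("torch", "HalfStorage")}
PUTS = ("PUT", "BINPUT", "LONG_BINPUT")
GETS = ("GET", "BINGET", "LONG_BINGET")


def pickle_imports(data: bytes) -> set:
    """List the (module, name) globals a pickle would import, without loading it."""
    found, memo, recent = set(), {}, [None, None]
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                  # protocols 0-3: "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":          # protocol 4+: two strings on the stack
            found.add((recent[-2] or "?", recent[-1] or "?"))
        if op.name == "MEMOIZE":
            memo[len(memo)] = recent[-1]
        elif op.name in PUTS:
            memo[arg] = recent[-1]
        elif op.name in GETS:                    # string reused from the memo
            recent.append(memo.get(arg))
        else:                                    # remember pushed strings only
            recent.append(arg if isinstance(arg, str) and op.name != "GLOBAL" else None)
    return found


def checkpoint_violations(blob: bytes) -> set:
    """Imports outside the allowlist in a zip checkpoint (*.pkl members) or bare pickle."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    if not streams:
        raise ValueError("no pickle stream found")   # fail closed
    return set().union(*map(pickle_imports, streams)) - ALLOWED_GLOBALS


class _Constructed:
    """Constructed sample: unpickling would call a harmless builtin via __reduce__."""
    def __reduce__(self):
        return (len, ("abc",))


BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))     # constructed, data only
SUSPECT = pickle.dumps({"weight": _Constructed()})        # constructed, imports builtins.len
```

A static scan like this is a pre-filter, not a sandbox: it reads only the first pickle in a non-zip file, so pair it with `torch.load(..., weights_only=True)` and with restricting which paths `model_name` may resolve to.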

Details

CWE(s)
CWE-502

Affected Products

applio
applio
≤ 3.2.8-bugfix

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.006: Python (Execution)
Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

Unsafe deserialization via torch.load enables remote unauthenticated RCE in a network-accessible function (T1190) and arbitrary Python code execution (T1059.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References