CVE-2025-27781

CVE-2025-27781 is an unsafe deserialization vulnerability (CWE-502) in Applio, an open-source voice conversion tool. It affects versions 3.2.8-bugfix and prior. The issue stems from the inference.py and tts.py modules, where the model_file parameter accepts user-supplied input, such as a model path. This value is passed to the change_choices and get_speakers_id functions, which invoke torch.load at line 326 in inference.py (version 3.2.8-bugfix) on untrusted data, enabling arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by any unauthenticated attacker over the network with low complexity and no user interaction. By providing a malicious model file path, an attacker can trigger deserialization of crafted payloads during model loading, resulting in remote code execution on the victim's system with high impacts to confidentiality, integrity, and availability.

Mitigation is available via a patch on the main branch of the Applio GitHub repository (commit eb21d9dd349a6ae1a28c440b30d306eafba65097). Security practitioners should advise users to update immediately. Additional details are provided in the GitHub Security Lab advisory (GHSL-2024-341_GHSL-2024-353) and affected code references.

As a PyTorch-based voice conversion tool, this vulnerability underscores deserialization risks in AI/ML inference pipelines where user-controlled model inputs are common. No public evidence of real-world exploitation has been reported as of publication on 2025-03-19.