{"data":{"id":"54f82632-b70d-4bd4-b46d-402621bb7cd2","title":"CVE-2025-27780: Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_inf","summary":"Applio, a voice conversion tool, has a vulnerability in versions 3.2.8-bugfix and earlier where it unsafely deserializes (reconstructs objects from stored data without validation) user-supplied model files using `torch.load`, which could allow attackers to run arbitrary code on the affected system.","solution":"A patch is available in the `main` branch of the repository.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-27780","publishedAt":"2025-03-19T21:15:39.980Z","cveId":"CVE-2025-27780","cweIds":["CWE-502"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Applio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.046,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}