{"data":{"id":"e489c27e-f1fc-46a5-a8d5-ca4919fb7b33","title":"CVE-2025-27779: Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_bl","summary":"Applio, a voice conversion tool, has a vulnerability in versions 3.2.8-bugfix and earlier where it unsafely deserializes (converts untrusted data back into objects) user-supplied model files using `torch.load`, potentially allowing attackers to run arbitrary code on affected systems.","solution":"A patch is available on the `main` branch of the Applio repository.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-27779","publishedAt":"2025-03-19T21:15:39.850Z","cveId":"CVE-2025-27779","cweIds":["CWE-502"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Applio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.046,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}