CVE-2025-27774
📋 TL;DR
Applio voice conversion tool versions 3.2.7 and earlier contain server-side request forgery (SSRF) and arbitrary file write vulnerabilities in model_download.py. These allow attackers to probe internal networks, read files from internal hosts when combined with other vulnerabilities, and potentially achieve remote code execution through file writes combined with unsafe deserialization. All Applio users running vulnerable versions are affected.
💻 Affected Systems
- Applio
📦 What is this software?
Applio by Applio
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution on the Applio server through file write combined with unsafe deserialization, enabling full system compromise and lateral movement to internal network systems.
Likely Case
Internal network reconnaissance and information disclosure through SSRF, potentially leading to credential theft or access to internal services.
If Mitigated
Limited information disclosure about internal network structure if proper network segmentation and egress filtering are in place.
🎯 Exploit Status
Exploitation requires chaining multiple vulnerabilities for full impact; SSRF component is straightforward to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: None
Restart Required: No
Instructions:
No official patch available. Monitor Applio GitHub repository for updates and apply immediately when available.
🔧 Temporary Workarounds
Network Segmentation and Egress Filtering
Restrict the Applio server's outbound network access to prevent SSRF exploitation of internal systems.
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
Note that these two rules block all outbound HTTP and HTTPS from the host, including legitimate model downloads; if that is not acceptable, scope them to the internal ranges (for example with -d on each rule) rather than dropping all traffic on those ports.
File System Restrictions
Run Applio with minimal file system write permissions to limit the impact of the file write vulnerability.
chmod -R 755 /path/to/applio
chown -R nobody:nogroup /path/to/applio
Note that after this change the Applio process can no longer write anywhere in its own tree, including the directory where downloaded models are stored; grant write access explicitly to only the directories it genuinely needs.
🧯 If You Can't Patch
- Isolate Applio server in dedicated network segment with strict egress filtering
- Implement web application firewall rules to block suspicious model_download.py requests
🔍 How to Verify
Check if Vulnerable:
Check Applio version in web interface or configuration files; if version is 3.2.7 or earlier, system is vulnerable.
Check Version:
grep -r 'version' /path/to/applio/config/ || cat /path/to/applio/version.txt
Verify Fix Applied:
Verify Applio version has been updated beyond 3.2.7 when patch becomes available.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from Applio server
- File write operations in model_download.py directory
- Requests to internal IP addresses from Applio
Network Indicators:
- HTTP requests to internal network ranges from Applio server
- Unusual file download patterns to Applio server
SIEM Query:
source="applio.logs" AND (url CONTAINS "model_download" OR dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16))
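The SIEM query above as runnable detection logic over constructed sample log lines, as an added example that is not Applio's code or its real logging format. It extends the page's query with loopback (127.0.0.0/8) alongside the three RFC 1918 ranges; the line layout and the field names dest_ip and url are assumptions.

```python
import ipaddress
import re

# Networks from the page's SIEM query (RFC 1918), plus loopback as an added
# extension, since SSRF against services bound to the local host matters too.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Assumed log line layout (constructed for this example, not Applio's format):
# <ISO timestamp> dest_ip=<ip> url=<url>
LINE_RE = re.compile(r"^(?P<ts>\S+) dest_ip=(?P<ip>\S+) url=(?P<url>\S+)$")


def is_internal(ip_text: str) -> bool:
    """True if the destination address falls in a monitored internal range."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostnames or malformed fields never match
    return any(addr in net for net in INTERNAL_NETS)


def classify(line: str):
    """Return (timestamp, reasons) if the SIEM query would select the line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if "model_download" in m["url"]:
        reasons.append("model_download endpoint")
    if is_internal(m["ip"]):
        reasons.append(f"internal destination {m['ip']}")
    return (m["ts"], reasons) if reasons else None


def scan(log_text: str) -> list:
    """Apply classify() to every line and return the hits in order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


# Constructed sample lines: a benign public download, an RFC 1918 probe,
# a loopback probe, and a model_download request to a public host.
SAMPLE_LOG = """\
2025-03-01T10:00:01Z dest_ip=104.18.1.1 url=https://huggingface.co/x/model.zip
2025-03-01T10:00:05Z dest_ip=10.0.0.5 url=http://10.0.0.5/
2025-03-01T10:00:09Z dest_ip=127.0.0.1 url=http://127.0.0.1:8080/
2025-03-01T10:00:12Z dest_ip=93.184.216.34 url=https://example.com/model_download?x=1
"""

if __name__ == "__main__":
    for ts, reasons in scan(SAMPLE_LOG):
        print(ts, "; ".join(reasons))
```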
🔗 References
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L143
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L147-L148
- https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/download/download.py#L192-L196
- https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/