Applio Server-Side Request Forgery and File Write Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Applio, a voice conversion tool, in versions through 3.2.7. The vulnerability resides in the 'model_download.py' file, specifically at line 240. This blind SSRF allows the Applio server to send requests on behalf of the user, which can be used to probe for other vulnerabilities on the server or the internal network. When combined with the arbitrary file read vulnerability (CVE-2025-27784), the blind SSRF becomes a full SSRF: files can be read from internal hosts reachable from the Applio server. A file write vulnerability is also present, allowing files to be written on the server; chained with other weaknesses, such as unsafe deserialization, this could lead to remote code execution on the Applio server.
Impact
Exploitation of this vulnerability could lead to blind server-side request forgery, allowing the Applio server to send requests to internal resources or external services. Coupled with the file write vulnerability, this could result in remote code execution on the Applio server. Furthermore, if combined with the arbitrary file read vulnerability (CVE-2025-27784), it could create a full SSRF, reading files from internal hosts accessible to the Applio server.
Reproduction
The vulnerability can be reproduced by uploading a file through the application's inference or TTS tabs while supplying a model link that points to a file on a Discord CDN. The server downloads the file from the supplied URL, which is what triggers the server-side request forgery; the same request path can be used to reach internal network resources or, via the established SSRF, to read sensitive files from internal hosts. The uploaded file can then be used to exercise the file write vulnerability, which could lead to remote code execution if a malicious payload is deserialized.
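The root cause described above is a server that fetches a user-supplied URL and writes the result to disk without constraining either the destination host or the file path. The following is an added illustration of the checks a maintainer would put in front of such a download; it is not Applio's code, and the host allowlist, the models directory, the accepted file suffixes and the resolver results used in the demo are assumptions or constructed values. Validation resolves the host and requires every returned address to be public (rejecting loopback, RFC 1918, link-local such as 169.254/16, and similar ranges), refuses credentials in the URL (the classic `https://trusted@10.0.0.5/` allowlist bypass), and pins the written file to the basename under a fixed directory after resolving symlinks.

```python
"""Hardened handling of a user-supplied model link before the server fetches it.

Added illustration for the advisory above, not Applio's own code. ALLOWED_HOSTS,
ALLOWED_SUFFIXES and the resolver values in the demo are assumptions.
"""
import ipaddress
import os
import socket
from urllib.parse import urlparse

# Assumed policy: only these hosts and schemes may be fetched from, and only
# model-style file names are ever written to disk.
ALLOWED_HOSTS = {"huggingface.co", "cdn.discordapp.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_SUFFIXES = (".pth", ".index", ".zip")


class DownloadRejected(ValueError):
    """Raised with a short reason whenever a download must not proceed."""


def default_resolver(host):
    """Real DNS lookup: every address the host currently maps to."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(text):
    """False for loopback, private, link-local, multicast, reserved and
    unspecified addresses, i.e. anything an SSRF would use to reach the
    server itself or the internal network behind it."""
    ip = ipaddress.ip_address(text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_url(url, resolver=default_resolver):
    """Raise DownloadRejected unless the URL is safe to fetch server-side."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise DownloadRejected(f"scheme {parsed.scheme!r} not allowed")
    if parsed.username or parsed.password:
        # 'https://cdn.discordapp.com@10.0.0.5/' parses with the trusted name
        # as the username and the internal address as the host.
        raise DownloadRejected("credentials embedded in URL")
    host = parsed.hostname
    if not host:
        raise DownloadRejected("missing host")
    if host not in ALLOWED_HOSTS:
        raise DownloadRejected(f"host {host!r} not allowlisted")
    try:
        addrs = resolver(host)
    except OSError as exc:
        raise DownloadRejected(f"resolution failed: {exc}") from exc
    for addr in addrs:
        if not is_public_ip(addr):
            raise DownloadRejected(f"{host} resolves to non-public address {addr}")
    return parsed


def resolve_destination(models_dir, url):
    """Map the URL's last path segment to a path that must stay inside models_dir."""
    name = os.path.basename(urlparse(url).path)
    if not name or name in (".", ".."):
        raise DownloadRejected("no usable file name in URL")
    if not name.lower().endswith(ALLOWED_SUFFIXES):
        raise DownloadRejected(f"suffix of {name!r} not allowed")
    root = os.path.realpath(models_dir)
    dest = os.path.realpath(os.path.join(root, name))
    # realpath follows symlinks, so a planted link inside models_dir is caught too.
    if os.path.commonpath([root, dest]) != root:
        raise DownloadRejected("destination escapes models directory")
    return dest


def check_download(url, models_dir, resolver=default_resolver):
    """Combined decision: {'ok': bool, 'reason': str | None, 'dest': str | None}."""
    try:
        validate_url(url, resolver)
        dest = resolve_destination(models_dir, url)
    except DownloadRejected as exc:
        return {"ok": False, "reason": str(exc), "dest": None}
    return {"ok": True, "reason": None, "dest": dest}


if __name__ == "__main__":
    # Constructed resolvers so the demo runs offline: 93.184.216.34 stands in
    # for a public address, 10.0.0.5 for an internal one.
    public = lambda host: {"93.184.216.34"}
    internal = lambda host: {"10.0.0.5"}
    for url, res in [
        ("https://cdn.discordapp.com/attachments/1/2/model.pth", public),
        ("file:///etc/passwd", public),
        ("http://127.0.0.1:7865/", public),
        ("https://cdn.discordapp.com/model.pth", internal),
        ("https://cdn.discordapp.com@169.254.169.254/model.pth", public),
        ("https://cdn.discordapp.com/run.sh", public),
    ]:
        print(url, "->", check_download(url, "/tmp/applio_models", res))
```

The resolver is injected so the policy can be unit-tested without network access. Note that validating the resolved address and then letting an HTTP client re-resolve the name leaves a time-of-check gap (DNS rebinding); in production the fetch should connect to the address that was validated, or the validation should run inside the client's connection hook.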