CVE-2025-68398

Critical CVSS: 9.1

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

Vendor

Weblate

Product

Weblate

CWE

CWE-20

Yayın Tarihi

2025-12-18 23:15:49

Güncelleme

2026-02-06 20:16:08

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Weblate CRITICAL Weblate 2025

Referanslar

https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4 https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7 https://github.com/WeblateOrg/weblate/pull/17330 https://github.com/WeblateOrg/weblate/pull/17345 https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3

Benzer Kayıtlar

Medium

CVE-2026-27457

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`…

Medium

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input…

High

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could wri…

Low

CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server…

Low

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped fo…

Medium

CVE-2026-22251

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API key…