GHSA-m6hq-f4w9-qrjj

Published: 15 Dec 2025
Source: github
GitHub: Reviewed
CVSS4: 1

Description

Weblate has improper validation upon invitation acceptance

Impact

It was possible to accept an invitation opened by a different Weblate user.

Patches

Workarounds

Users should avoid leaving Weblate sessions with an unattended opened invitation.

References

Thanks to Nahid0x for responsibly disclosing this vulnerability to Weblate.

Packages

Name: Weblate (pip)
Affected versions: < 5.15
Fixed version: 5.15

EPSS

Percentile: 1%
0.0001
Low

CVSS4: 1 Low

Weaknesses

CWE-286

Related vulnerabilities

CVSS3: 9.8
nvd
about 2 months ago

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.

CVSS3: 9.8
debian
about 2 months ago

Weblate is a web based localization tool. In versions prior to 5.15, i ...
