CVE-2025-47951

Опубликовано: 16 июн. 2025

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Ссылки

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
Patch
https://github.com/WeblateOrg/weblate/pull/14918
Issue Tracking
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
Release Notes
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
Vendor Advisory
https://hackerone.com/reports/3150564
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Версия до 5.12 (исключая)

EPSS

Процентиль: 13%

0.00044

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-307

Связанные уязвимости

CVE-2025-47951

CVSS3: 4.9

debian

8 месяцев назад

Weblate is a web based localization tool. Prior to version 5.12, the v ...

GHSA-57jg-m997-cx3q

CVSS3: 4.9

github

8 месяцев назад

Weblate lacks rate limiting when verifying second factor

EPSS

Процентиль: 13%

0.00044

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-307