CVE-2025-68279

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

EPSS Низкий

Описание

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.

Ссылки

https://github.com/WeblateOrg/weblate/pull/17331
Issue Tracking
Patch
https://github.com/WeblateOrg/weblate/pull/17356
Issue Tracking
Patch
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
Release Notes
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Версия до 5.15.1 (исключая)

EPSS

Процентиль: 17%

0.00056

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-68279

CVSS3: 7.7

debian

около 2 месяцев назад

Weblate is a web based localization tool. In versions prior to 5.15.1, ...

GHSA-g925-f788-4jh7

CVSS3: 7.7

github

около 2 месяцев назад

Weblate has an arbitrary file read via symbolic links

EPSS

Процентиль: 17%

0.00056

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22