CVE-2025-58352Insufficient Session Expiration in Weblate

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.0%
top 85.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Weblateorg WeblateWeblate
Timeline
Latest updateSep 4
PublishedSep 5

Description

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDweblate/weblate< 5.13.1
PyPIweblate/weblate< 5.13.1
CVEListV5weblateorg/weblate< 5.13.1

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
Weblate has a long session expiry when verifying second factor2025-09-04
OSV
Weblate has a long session expiry when verifying second factor2025-09-04