CVE-2025-64725Incorrect User Management in Weblate

CWE-286Incorrect User Management4 documents4 sources
Severity
1.0LOWNVD
EPSS
0.0%
top 96.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Weblateorg WeblateWeblate
Timeline
PublishedDec 15

Description

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDweblate/weblate< 5.15
PyPIweblate/weblate< 5.15
CVEListV5weblateorg/weblate< 5.15

Patches

Patch: github.com

🔴Vulnerability Details

2
OSV
Weblate has improper validation upon invitation acceptance2025-12-15
GHSA
Weblate has improper validation upon invitation acceptance2025-12-15

🕵️Threat Intelligence

1
Wiz
CVE-2025-64725 Impact, Exploitability, and Mitigation Steps | Wiz