CVE-2025-47951

EPSS 0.22%
Veröffentlicht 16.06.2025 20:57:52
Zuletzt bearbeitet 16.07.2025 14:32:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version < 5.12

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.119

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.9	1.8	2.7	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q

Vendor Advisory

https://github.com/WeblateOrg/weblate/pull/14918

Issue Tracking

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384

Patch

https://hackerone.com/reports/3150564

Permissions Required

https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-47951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47951

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47951