4.9

CVE-2025-47951

EPSS 0.04%
Veröffentlicht 16.06.2025 20:57:52
Zuletzt bearbeitet 16.07.2025 14:32:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version < 5.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.117

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.9	1.8	2.7	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q

Vendor Advisory

https://github.com/WeblateOrg/weblate/pull/14918

Issue Tracking

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384

Patch

https://hackerone.com/reports/3150564

Permissions Required

https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-47951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47951

EUVD