6.5
CVE-2025-58352
- EPSS 0.26%
- Veröffentlicht 04.09.2025 23:28:26
- Zuletzt bearbeitet 18.09.2025 16:25:36
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginWeblate has long session expiry times during second factor verification
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.173 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
| security-advisories@github.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728
https://github.com/WeblateOrg/weblate/pull/16002
https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908