CVE-2025-64326

EPSS 0.16%
Veröffentlicht 06.11.2025 20:55:17
Zuletzt bearbeitet 04.12.2025 21:35:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Weblate is a web based localization tool. In versions 5.14 and below,  Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version < 5.14.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com	2.6	1.2	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc

Patch

Vendor Advisory

https://github.com/WeblateOrg/weblate/pull/16781

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-64326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64326

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64326