CVE-2025-64326

EPSS 0.03%
Veröffentlicht 06.11.2025 20:55:17
Zuletzt bearbeitet 04.12.2025 21:35:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Weblate is a web based localization tool. In versions 5.14 and below,  Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version < 5.14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com	2.6	1.2	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc

Patch

Vendor Advisory

https://github.com/WeblateOrg/weblate/pull/16781

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-64326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64326

EUVD