CVE-2025-68398

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Common Weakness Enumeration
References
https://github.com/WeblateOrg/weblate/pull/17330
https://github.com/WeblateOrg/weblate/pull/17345
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3