CVE-2025-68398

EUVD-2025-204419
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
weblateweblate
𝑥
< 5.15.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
https://github.com/WeblateOrg/weblate/pull/17330
https://github.com/WeblateOrg/weblate/pull/17345
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3