CVE-2025-58352
2.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WeblateOrg | weblate | < 5.13.1 | affected |
Weaknesses
- CWE-613: CWE-613: Insufficient Session Expiration
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728
- https://github.com/WeblateOrg/weblate/pull/16002
- https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.