CVE-2025-67715

Summary

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
WeblateOrgweblate< 5.15affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control
  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References