CVE-2025-68398

Summary

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
WeblateOrgweblate< 5.15.1affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation
  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References