CVE-2025-64326
BaseFortify
Publication date: 2025-11-06
Last updated on: 2025-12-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weblate | weblate | to 5.14.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-212 | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Weblate versions 5.14 and below causes the IP address of the project member who invites a user to a project to be leaked in the audit log. The audit log, which includes IP addresses from admin-triggered actions, is viewable by invited users, exposing potentially sensitive IP information. This issue is fixed in version 5.14.1.
How can this vulnerability impact me? :
The vulnerability can lead to unintended disclosure of IP addresses of project members who invite users, potentially compromising privacy and exposing network information to users who should not have access to it. This could be used for tracking or profiling individuals involved in the project.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Weblate to version 5.14.1 or later, as this version fixes the issue of IP address leakage in the audit log.