SecuriTricks - CVE-2025-49134

Description

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12.

Product(s) Impacted

Vendor	Product	Versions
Weblate	Weblate	<5.12

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	weblate	weblate	<5.12	/	/	/	/	/	/	/

References

https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62

https://github.com/WeblateOrg/weblate/pull/15102

https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5

CVSS Score

2.1 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: HIGH
Attack Requirements: NONE
Privileges Required: HIGH
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: June 16, 2025, 9:15 p.m.
Last Modified: June 16, 2025, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2025-49134