CVE-2025-58352 | THREATINT

Description

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

PUBLISHED Reserved 2025-08-29 | Published 2025-09-04 | Updated 2025-09-05 | Assigner GitHub_M

LOW: 2.1CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-613: Insufficient Session Expiration

Product status

< 5.13.1

affected

References

github.com/...eblate/security/advisories/GHSA-377j-wj38-4728

github.com/WeblateOrg/weblate/pull/16002

github.com/...ommit/0b46fe596231dd456283ead66699ae5516f23908

cve.org (CVE-2025-58352)

nvd.nist.gov (CVE-2025-58352)

Download JSON