Description

Weblate is a web-based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-18 | Updated 2025-12-19 | Assigner GitHub_M

CRITICAL: 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

< 5.15.1: affected

References

github.com/...eblate/security/advisories/GHSA-8vcg-cfxj-p5m3

github.com/WeblateOrg/weblate/pull/17330

github.com/WeblateOrg/weblate/pull/17345

github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1

cve.org (CVE-2025-68398)

nvd.nist.gov (CVE-2025-68398)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.