Skip to main content

Weblate EUVDEUVD-2025-18400

| CVE-2025-47951 MEDIUM
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2025-06-16 security-advisories@github.com GHSA-57jg-m997-cx3q
4.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.9 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18400
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
Patch released
Mar 14, 2026 - 21:59 nvd
Patch available
CVE Published
Jun 16, 2025 - 21:15 nvd
MEDIUM 4.9

DescriptionGitHub Advisory

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Analysis

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Technical ContextAI

This vulnerability is classified as Improper Restriction of Excessive Authentication Attempts (CWE-307).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

CVE-2025-61587 MEDIUM POC
6.1 Oct 01

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter o

CVE-2026-34393 HIGH
8.8 Apr 15

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limi

CVE-2022-23915 HIGH
8.8 Mar 04

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when u

CVE-2026-33435 HIGH
8.0 Apr 15

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial

CVE-2026-34242 HIGH
7.7 Apr 15

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded f

CVE-2026-21889 HIGH
7.5 Jan 14

Weblate versions prior to 5.15.2 expose screenshot images through the web server without authentication controls, enabli

CVE-2026-33220 MEDIUM
6.8 Apr 15

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpo

CVE-2026-24126 MEDIUM
6.6 Feb 19

Weblate versions up to 5.16.0 contains a vulnerability that allows attackers to an argument injection to `ssh-add` (CVSS

CVE-2025-32021 LOW POC
2.2 Apr 15

Weblate is a web based localization tool. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Pub

CVE-2026-50127 MEDIUM
5.9 Jun 10

Server-Side Request Forgery in Weblate's VCS_RESTRICT_PRIVATE control (versions 5.15 through pre-2026.6) allows bypassin

CVE-2017-5537 MEDIUM
5.3 Mar 15

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email addres

CVE-2024-39303 MEDIUM
5.4 Jul 01

Weblate is a web based localization tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable,

Vendor StatusVendor

Debian

Bug #745661
weblate
Release Status Fixed Version Urgency
open - -

SUSE

Severity: Medium

Share

EUVD-2025-18400 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy