Insufficient Rate Limiting in Weblate's OTP Verification by WeblateOrg
CVE-2025-47951

4.9MEDIUM

Key Information:

Vendor: Weblateorg
Status: Weblate
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-47951?

Weblate, a web-based localization tool, experienced a security issue prior to version 5.12 where the verification process for the second factor lacked proper rate limiting. This vulnerability allowed attackers with valid credentials to automate the guessing of one-time passwords (OTPs) due to unrestricted repeated attempts. The issue has been addressed in version 5.12, which implements necessary rate limiting to bolster security against such automated attacks.

Affected Version(s)

weblate < 5.12

References

https://github.com/WeblateOrg/weblate/security/advisories...

x_refsource_CONFIRM

https://github.com/WeblateOrg/weblate/pull/14918

x_refsource_MISC

https://github.com/WeblateOrg/weblate/commit/f80629345124...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
May 14, 2025

Weblateorg

What is CVE-2025-47951?

Affected Version(s)

References

CVSS V3.1

Timeline