Web Localization Tool Vulnerability in Weblate
CVE-2025-49134

2.1LOW

Key Information:

Vendor: Weblateorg
Status: Weblate
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-49134?

The Weblate localization tool, before version 5.12, had a vulnerability where audit log notifications exposed the full IP address of the acting user. This information could potentially be accessed by third-party servers, such as SMTP relays and spam filters, thereby compromising user privacy. Weblate released version 5.12 to address this issue.

Affected Version(s)

weblate < 5.12

References

https://github.com/WeblateOrg/weblate/security/advisories...

x_refsource_CONFIRM

https://github.com/WeblateOrg/weblate/pull/15102

x_refsource_MISC

https://github.com/WeblateOrg/weblate/commit/020b2905e4d0...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Jun 2, 2025

Weblateorg

What is CVE-2025-49134?

Affected Version(s)

References

CVSS V4

Timeline