Session Expiry Vulnerability in Weblate Localization Tool by Weblate
CVE-2025-58352

2.1LOW

Key Information:

Vendor

Weblateorg

Status
Weblate
Vendor
CVE Published:
4 September 2025

What is CVE-2025-58352?

Weblate, a widely-used web localization tool, has a vulnerability present in versions lower than 5.13.1 that can lead to prolonged session expiry during the second factor verification process. This weakness potentially allows an attacker to bypass rate limiting mechanisms associated with two-factor authentication. Users are strongly encouraged to update to version 5.13.1 or later to mitigate this security risk.

Affected Version(s)

weblate < 5.13.1

References

https://github.com/WeblateOrg/weblate/security/advisories...
x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/16002
x_refsource_MISC
https://github.com/WeblateOrg/weblate/commit/0b46fe596231...
x_refsource_MISC

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.