Open Redirect Vulnerability in Weblate Localization Tool
CVE-2025-61587

2.1 LOW

Key Information:

Vendor: Weblateorg

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-61587?

Weblate is a web-based localization tool. In versions 5.13.2 and below, an open redirect exists when Weblate is set up with Anubis and the REDIRECT_DOMAINS setting is misconfigured: a crafted URL using the 'redir' parameter on the .within.website domain lets an attacker redirect users to malicious sites. Users directed to harmful files this way face an increased risk of drive-by downloads. The issue has been addressed in version 5.13.3.
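The following is an added example, not code from Weblate or Anubis: a strict allow-list check for 'redir' targets, plus a helper that flags request URLs carrying a target the check rejects. The allow-list name, the hosts and the sample URLs are constructed assumptions, and the code does not model how REDIRECT_DOMAINS is evaluated internally.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list (assumption): hosts this deployment may redirect to.
ALLOWED_REDIRECT_HOSTS = {"weblate.example.org"}


def is_safe_redir(target, allowed=ALLOWED_REDIRECT_HOSTS):
    """True only for a same-site absolute path or an https URL on an allowed host."""
    # Reject empty values, padding, control characters and backslashes,
    # which browsers may normalise into a different destination.
    if not target or target != target.strip():
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept "/path", refuse "//host" style and bare names.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        return False  # covers javascript:, data:, http: and "//host"
    if parts.username is not None or parts.password is not None:
        return False  # https://trusted@evil.example/ is not the trusted host
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed  # exact match, no suffix or substring matching


def flag_requests(request_urls, allowed=ALLOWED_REDIRECT_HOSTS):
    """Return the request URLs whose 'redir' parameter fails the check."""
    flagged = []
    for url in request_urls:
        targets = parse_qs(urlsplit(url).query).get("redir", [])
        if any(not is_safe_redir(t, allowed) for t in targets):
            flagged.append(url)
    return flagged


# Constructed sample requests; hosts and paths are illustrative only.
SAMPLE_REQUESTS = [
    "https://weblate.example.org/check?redir=%2Fprojects%2F",
    "https://weblate.example.org/check?redir=https%3A%2F%2Fweblate.example.org%2F",
    "https://weblate.example.org/check?redir=https%3A%2F%2Fother.example%2Ffile",
    "https://weblate.example.org/check?redir=%2F%2Fother.example%2Ffile",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("unsafe redir:", hit)
```
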

Affected Version(s)

weblate < 5.13.3

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
