Weblate Web-Based Localization Tool Session Vulnerability
CVE-2025-64725

Key Information:

Vendor

Weblateorg

Status
Vendor
CVE Published: 15 December 2025

What is CVE-2025-64725?

Weblate, a web-based localization tool, has a vulnerability in its session management. Versions prior to 5.15 allow a user to accept an invitation that was opened by a different user, potentially compromising user sessions. As a security measure, users are advised not to leave sessions with open invitations unattended. The issue is addressed in version 5.15, which contains a patch for this vulnerability.

Affected Version(s)

weblate < 5.15

CVSS V4

Score: 1
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
