File Read Vulnerability in Weblate Localization Tool
CVE-2025-68279

7.7HIGH

Key Information:

Vendor

Weblateorg

Status
Weblate
Vendor
CVE Published:
18 December 2025

What is CVE-2025-68279?

Weblate, a web-based localization tool, has a vulnerability that allows the reading of arbitrary files from the server's file system. This vulnerability arises from the ability to create crafted symbolic links within the repository, potentially exposing sensitive information. Users are strongly advised to upgrade to version 5.15.1 or later, which addresses this security issue.

Affected Version(s)

weblate < 5.15.1

References

https://github.com/WeblateOrg/weblate/security/advisories...
x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/17331
x_refsource_MISC
https://github.com/WeblateOrg/weblate/pull/17356
x_refsource_MISC

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-68279 : File Read Vulnerability in Weblate Localization Tool