Remote Git Configuration Overwrite in Weblate Localization Tool
CVE-2025-68398

9.1CRITICAL

Key Information:

Vendor

Weblateorg

Status
Weblate
Vendor
CVE Published:
18 December 2025

What is CVE-2025-68398?

Weblate, a web-based localization tool, allows unauthorized remote Git configuration overwrites in versions prior to 5.15.1. This vulnerability can lead to unauthorized changes in Git behavior, potentially compromising the integrity of the system. Users are urged to upgrade to version 5.15.1 or later to mitigate this issue. For more information on the resolution, visit the official documentation.

Affected Version(s)

weblate < 5.15.1

References

https://github.com/WeblateOrg/weblate/security/advisories...
x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/17330
x_refsource_MISC
https://github.com/WeblateOrg/weblate/pull/17345
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.