CVE-2025-64326 Weblate — Exploit & Vulnerability Details LOW

CVE-2025-64326

LOW CVSS 3.1: 2.6 EPSS 0.03%

Parameter	Value
CVSS	2.6 (LOW)
Affected Versions	before 5.14.1
Fixed In	5.14.1
Type	CWE-212
Vendor	Weblate
Public PoC	No

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users.

This issue is fixed in version 5.14.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-212

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Weblate Weblate cpe:2.3:a:weblate:weblate::::::::	—	`5.14.1`

References 2

https://github.com/WeblateOrg/weblate/pull/16781

security-advisories@github.com

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27457

Weblate

4.3

CVE-2026-24126

Weblate

9.1

CVE-2026-22251

Weblate

5.5

CVE-2026-22250

Weblate

5.5

Menu

CVE-2025-64326

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-27457

CVE-2026-24126

CVE-2026-22251

CVE-2026-22250

CVE Details

Editor's Choice

Menu

CVE-2025-64326

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-27457

CVE-2026-24126

CVE-2026-22251

CVE-2026-22250

CVE Details

Editor's Choice

Stay informed on cybersecurity