PT-2025-25574 · Weblate · Weblate
Obscuredeer · Published 2025-06-16 · Updated 2025-07-16 · CVE-2025-47951
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Weblate versions prior to 5.12
Description
The verification of the second factor was not subject to rate limiting, allowing an attacker with valid credentials to automate OTP guessing via the second factor endpoint.
Recommendations
For versions prior to 5.12, update to version 5.12 to resolve the issue. As a temporary workaround, consider restricting access to the second factor endpoint to minimize the risk of exploitation.
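The control the description says was missing, as an added sketch that is not Weblate's code or its 5.12 fix: failed second-factor attempts are counted per account, since the attacker already holds valid credentials. The class name, the thresholds and the sample values are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed policy value, not a Weblate setting
WINDOW_SECONDS = 300   # assumed sliding window


class SecondFactorLimiter:
    """Hypothetical per-account limiter for second-factor verification."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self._failures = defaultdict(deque)   # account -> failure timestamps

    def _recent(self, account):
        # Drop failures that have aged out of the sliding window.
        q = self._failures[account]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def verify(self, account, submitted, expected):
        """Return 'locked', 'ok' or 'bad'."""
        # Refuse before comparing: a locked account learns nothing from a guess.
        if len(self._recent(account)) >= self.max_failures:
            return "locked"
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            # Failures are not cleared on success, so a login by the real
            # user cannot reset the budget of a parallel guessing session.
            return "ok"
        self._recent(account).append(self.clock())
        return "bad"


def simulate_guessing(limiter, account, expected, guesses):
    """Feed constructed guesses through the limiter and collect the outcomes."""
    return [limiter.verify(account, g, expected) for g in guesses]


if __name__ == "__main__":
    lim = SecondFactorLimiter()
    # Constructed sample: sequential six-digit guesses against a made-up code.
    print(simulate_guessing(lim, "alice", "493027",
                            [f"{i:06d}" for i in range(8)]))
```

In a multi-process deployment the counters would have to live in a shared store rather than in process memory.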
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related identifiers
Affected products
Weblate