PT-2025-25575 · Weblate · Weblate

Micael1 · Published 2025-06-16 · Updated 2025-07-16 · CVE-2025-49134

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Weblate versions prior to 5.12

Description

The issue concerns the inclusion of the full IP address of the acting user in audit log notifications. This information could be obtained by third-party servers, such as SMTP relays or spam filters.

Recommendations

For versions prior to 5.12, update to version 5.12 to resolve the issue. As a temporary workaround, consider restricting access to audit log notifications to minimize the risk of IP address exposure.

Related Identifiers

CVE-2025-49134
GHSA-4QQF-9M5C-W2C5

Affected Products

Weblate