PT-2025-40305 · Weblate · Weblate
Mbiesiad · Published 2025-10-01 · Updated 2025-10-08
CVE-2025-61587
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Weblate versions 5.13.2 and below
Description
Weblate is a web-based localization tool. An open redirect exists via the redir parameter on the '.within.website' endpoint when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate Weblate domain that redirects a victim to an attacker-controlled site; such a redirect could also initiate drive-by downloads, posing a risk to end users.
Recommendations
Update to version 5.13.3 or later. Until the upgrade is applied, the description above implies that setting REDIRECT_DOMAINS restricts where the endpoint may redirect, since the issue is reported only for deployments where it is not set.
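The following is an added example, written for this page; it is not Weblate's or Anubis's code and does not reproduce the fixed endpoint. It shows the difference between echoing a redir value straight into a redirect (the behaviour the advisory describes when no allowlist is configured) and validating it against the request host plus an allowlist of hostnames in the spirit of a REDIRECT_DOMAINS setting. The parameter name redir comes from the advisory; the function names, the request_host argument and the allowlist semantics are assumptions for illustration only.

```python
"""Added example (not Weblate's or Anubis's code): closing an open redirect
on a `redir` parameter with a host allowlist.

Assumptions not taken from the advisory: the endpoint reads a query
parameter named ``redir``, knows its own request host, and the allowlist is
a set of bare hostnames modelled on a REDIRECT_DOMAINS setting.
"""
from urllib.parse import urlsplit

FALLBACK = "/"  # safe local target used whenever redir is rejected


def vulnerable_redirect_target(redir: str) -> str:
    """Behaviour with no allowlist: whatever the attacker put in ``redir``
    becomes the Location header, so a link on the legitimate domain lands
    the victim on an attacker-controlled site."""
    return redir or FALLBACK


def hardened_redirect_target(redir: str, request_host: str,
                             allowed_domains: frozenset[str] = frozenset()) -> str:
    """Return ``redir`` only if it stays on ``request_host`` or on an
    allowlisted host; otherwise return the local fallback."""
    if not redir:
        return FALLBACK
    # Browsers treat backslashes as slashes, so normalise first; otherwise
    # "/\evil.example" parses as a harmless relative path but navigates to
    # evil.example in the browser.
    candidate = redir.replace("\\", "/")
    parts = urlsplit(candidate)
    # Only http(s) absolute URLs are considered; javascript:, data: etc. are out.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return FALLBACK
    host = parts.hostname  # None for a relative path, lower-cased hostname otherwise
    if host is None:
        # Relative target: must be a single-slash path. "//host" forms have a
        # netloc and never reach here; "///host" and scheme-only forms do,
        # and are rejected by the prefix checks.
        if not candidate.startswith("/") or candidate.startswith("//"):
            return FALLBACK
        return candidate
    allowed = {request_host.lower()} | {d.lower() for d in allowed_domains}
    # hostname strips userinfo, so "https://weblate.example@evil.example/"
    # is judged by evil.example, not by the decoy before the "@".
    if host in allowed:
        return candidate
    return FALLBACK


if __name__ == "__main__":
    # Constructed inputs illustrating the two behaviours.
    for redir in ("/projects/demo/", "https://evil.example/", "//evil.example/"):
        print(f"{redir!r:32} open: {vulnerable_redirect_target(redir)!r:28} "
              f"allowlisted: {hardened_redirect_target(redir, 'weblate.example')!r}")
```

The check mirrors what a REDIRECT_DOMAINS-style allowlist is for: the request host is always accepted, any other absolute or scheme-relative host must be listed explicitly, and anything that fails parsing falls back to a local path rather than being echoed.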
Exploit
Fix
Open Redirect
Related Identifiers
Affected Products
Weblate