PT-2025-45379 · Weblate · Weblate

Published: 2025-11-05 · Updated: 2025-11-12 · CVE-2025-64326

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Weblate versions prior to 5.14.1

Description

Weblate versions 5.14 and below disclose the IP address of a project member when inviting a user to a project. The audit log, which includes IP addresses from administrative actions, is accessible to invited users, leading to potential information leakage.

Recommendations

Update to version 5.14.1 or later.

Related Identifiers

CVE-2025-64326
GHSA-GR35-VPX2-QXHC
OPENSUSE-SU-2025:15733-1
PYSEC-2025-126
PYSEC-2025-230

Affected Products

Weblate