PT-2025-45725 · Pypi · Weblate

Published

2025-11-05

·

Updated

2025-11-05

CVSS v3.1

2.6

Low

VectorAV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Summary

Weblate leaks the IP address of the project member inviting the user to the project in the audit log.

Details

The audit log included IP addresses from admin-triggered actions, and those could be viewed by invited users.

Impact

The inviting user's (admin's) IP address could be leaked to invited users.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-212

Related Identifiers

GHSA-GR35-VPX2-QXHC

Affected Products

Weblate