PT-2025-51350 · Weblate · Weblate

Naxus-Audit · Published 2025-12-15 · Updated 2026-01-21 · CVE-2025-67715

CVSS v3.1

4.3 Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Weblate versions prior to 5.15

Description

Weblate, a web-based localization tool, had a broken authorization issue in its REST API that allowed for systematic user and project enumeration. Specifically, it was possible to retrieve user notification settings or list all users via the API.

Recommendations

Update to version 5.15 or later.

Exploit

Fix

Improper Access Control

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-67715
GHSA-3PMH-24WP-XPF4
PYSEC-2025-233

Affected Products

Weblate