PT-2025-52374 · Weblate · Weblate

Secjson

Published

2025-12-18

Updated

2026-01-02

CVE-2025-68279

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15.1

Description Weblate is a web-based localization tool. Versions prior to 5.15.1 contain a flaw that allows reading arbitrary files from the server file system. This is possible through the use of specially crafted symbolic links within a repository.

Recommendations Update to version 5.15.1 or later.

Exploit

Fix

Path traversal

Information Disclosure

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-200CWE-59

Related Identifiers

CVE-2025-68279

GHSA-G925-F788-4JH7

Affected Products

Weblate

PT-2025-52374 · Weblate · Weblate

CVE-2025-68279

Weakness Enumeration

Related Identifiers

Affected Products

References · 12