CVE-2025-68279

HIGH

Weblate < 5.15.1 - Information Disclosure

Title source: rule

Description

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.

References (4)

[Vendor Advisory] https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7

[Issue Tracking, Patch] https://github.com/WeblateOrg/weblate/pull/17356

[Release Notes] https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1

[Issue Tracking, Patch] https://github.com/WeblateOrg/weblate/pull/17331

Scores

CVSS v3 7.7

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-200 CWE-59

Status published

Products (2)

pypi/Weblate 0 - 5.15.1PyPI

weblate/weblate < 5.15.1

Published Dec 18, 2025

Tracked Since Feb 18, 2026