CVE-2025-68398
CRITICAL Weblate < 5.15.1 - Path Traversal via Git Configuration Overwrite
Title source: llmDescription
Weblate is a web-based localization tool. In versions prior to 5.15.1, it was possible to overwrite the Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
References (6)
Vendor Advisory x_refsource_confirm
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
Issue Tracking x_refsource_misc
https://github.com/WeblateOrg/weblate/pull/17330
Issue Tracking x_refsource_misc
https://github.com/WeblateOrg/weblate/pull/17345
Patch x_refsource_misc
https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
Patch x_refsource_misc
https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
Release Notes x_refsource_misc
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
Scores
CVSS v3
9.1
EPSS
0.0049
EPSS Percentile
38.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
CWE-434
CWE-20
Status
published
Products (2)
pypi/Weblate
0 - 5.15.1 (PyPI)
weblate/weblate
< 5.15.1
Published
Dec 18, 2025
Tracked Since
Feb 18, 2026