CVE-2025-58352

low

Description

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728

https://github.com/WeblateOrg/weblate/pull/16002

https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908

Details

Source: Mitre, NVD

Published: 2025-09-05

Updated: 2025-09-18

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00036