CVE-2025-64326

Published: Nov 6, 2025Modified: Dec 4, 2025

3.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD

Description

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Affected (1)

Products: Weblate: Weblate

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Weblate Weblate	Before 5.14.1

Related CWEs

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References (2)

https://github.com/WeblateOrg/weblate/pull/16781

Source: security-advisories@github.com

Issue Tracking

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc

Source: security-advisories@github.com

PatchVendor Advisory

Timeline

No history available yet.