← back
CVE-2025-58352

Weblate has long session expiry times during second factor verification

CVSS 2.1 LOWEPSS 0.3%CWE-613
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
WeblateOrg · weblate

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908https://github.com/WeblateOrg/weblate/pull/16002https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728