← back
CVE-2025-68398

Weblate has git config file overwrite vulnerability that leads to remote code execution

CVSS 9.1 CRITICALEPSS 0.5%CWE-20CWE-22CWE-434
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
WeblateOrg · weblate

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7https://github.com/WeblateOrg/weblate/pull/17330https://github.com/WeblateOrg/weblate/pull/17345https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3