← volver
CVE-2025-68279

Weblate has an arbitrary file read via symbolic links

CVSS 7.7 HIGHEPSS 0.3%CWE-200CWE-22CWE-59
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Productos afectados
WeblateOrg · weblate

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/WeblateOrg/weblate/pull/17331https://github.com/WeblateOrg/weblate/pull/17356https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7