← voltar
CVE-2025-68279

Weblate has an arbitrary file read via symbolic links

CVSS 7.7 HIGHEPSS 0.3%CWE-200CWE-22CWE-59
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
WeblateOrg · weblate

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/WeblateOrg/weblate/pull/17331https://github.com/WeblateOrg/weblate/pull/17356https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7