← voltar
CVE-2025-68398

Weblate has git config file overwrite vulnerability that leads to remote code execution

CVSS 9.1 CRITICALEPSS 0.5%CWE-20CWE-22CWE-434
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
WeblateOrg · weblate

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7https://github.com/WeblateOrg/weblate/pull/17330https://github.com/WeblateOrg/weblate/pull/17345https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3