
We found results for “”
CVE-2025-49134
Good to know:


Date: June 16, 2025
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12.
Severity Score
Related Resources (7)
Weakness Type (CWE)
Exposure of Private Personal Information to an Unauthorized Actor
CWE-359Top Fix

Upgrade Version
Upgrade to version weblate - 5.12.0;https://github.com/WeblateOrg/weblate.git - weblate-5.12
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | NONE |