Home > Vulnerability Database > CVE-2025-64326

Mend.io Vulnerability Database

CVE-2025-64326

Good to know:

Date: November 6, 2025

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Severity Score

2.6

Related Resources (6)

Url: https://github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64326

Url: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc

Url: https://github.com/WeblateOrg/weblate

Url: https://github.com/WeblateOrg/weblate/pull/16781

Url: https://www.mend.io/vulnerability-database/CVE-2025-64326

Severity Score

2.6

Weakness Type (CWE)

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-212

Top Fix

Upgrade Version

Upgrade to version weblate - 5.14.1;https://github.com/WeblateOrg/weblate.git - weblate-5.14.1

Learn More

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64326

Good to know:

Date: November 6, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?