Vulnerability DatabaseCVE-2025-64725
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-64725
December 15, 2025
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.
Affected Packages
https://github.com/WeblateOrg/weblate.git (GITHUB):
Affected version(s) >=weblate-0.1 <weblate-5.13.1
Fix Suggestion:
Update to version weblate-5.13.1
weblate (PYTHON):
Affected version(s) >=1.9 <5.15
Fix Suggestion:
Update to version 5.15
Related Resources (6)
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15
https://github.com/WeblateOrg/weblate/pull/16913
https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj
https://nvd.nist.gov/vuln/detail/CVE-2025-64725
https://github.com/WeblateOrg/weblate
Do you need more information?
Contact Us
CVSS v4
Base Score:
1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Incorrect User Management
CWE-286
EPSS
Base Score:
0.01