CVE-2025-47951

Sažetak

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Reference

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
https://github.com/WeblateOrg/weblate/pull/14918
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
https://hackerone.com/reports/3150564

CVSS

Base:	4.9
Impact:	2.7
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

16-06-2025 - 21:15

Objavljeno

16-06-2025 - 21:15