UNKNOWN PyPI
Weblate has improper validation upon invitation acceptance
GHSA-m6hq-f4w9-qrjj · CVE-2025-64725
Description
Impact
It was possible to accept an invitation opened by a different Weblate user.
Patches
Workarounds
Users should avoid leaving a Weblate session unattended while an invitation is open in it.
References
Thanks to Nahid0x for responsibly disclosing this vulnerability to Weblate.
References
- WEB https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-64725
- WEB https://github.com/WeblateOrg/weblate/pull/16913
- WEB https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9
- PACKAGE https://github.com/WeblateOrg/weblate
- WEB https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15