CVE-2025-58352
MEDIUM severity · CVSS 6.5 · CWE-613
6.5CVSS MEDIUM
Summary
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactLow
Availability impactLow
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908 ↗