CVE-2025-68398 · CRITICAL 9.1 · EPSS p38.2%


Description

Weblate is a web-based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.49% probability of exploitation · percentile 38.2% · 2026-06-18T12:00:27Z
Published: 2025-12-18
Last modified: 2026-02-06

Underlying weaknesses · 3

CWE-20, CWE-22, CWE-434

References

  1. https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
  2. https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
  3. https://github.com/WeblateOrg/weblate/pull/17330
  4. https://github.com/WeblateOrg/weblate/pull/17345
  5. https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
  6. https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3


Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live
Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-33435
CVE-2026-34393
CVE-2026-41654
CVE-2025-64725
CVE-2026-24126
CVE-2026-45106

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.