QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47951

Published: Jun 16, 2025

Modified: Jun 17, 2025

PUBLISHED

CVSS v3.1

4.9

MEDIUM

Description

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Vendor	Product	Versions
WeblateOrg	weblate	affected `< 5.12`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q

x_refsource_CONFIRM

https://github.com/WeblateOrg/weblate/pull/14918

x_refsource_MISC

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384

x_refsource_MISC

https://hackerone.com/reports/3150564

x_refsource_MISC

https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.