CVE-2025-64326 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2025-64326?

CVE-2025-64326 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-64326?

Check the references section above for vendor advisories and patch information. Affected products include: Weblate Weblate.

Vulnerability Description

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

CVSS Score

2.6

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Weblate	Weblate	< 5.14.1

Related Weaknesses (CWE)

CWE-212

References

https://github.com/WeblateOrg/weblate/pull/16781Issue Tracking
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhcPatchVendor Advisory

FAQ

What is CVE-2025-64326?

CVE-2025-64326 is a vulnerability with a CVSS score of 2.6 (LOW). Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP a...

How severe is CVE-2025-64326?

CVE-2025-64326 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-64326?

Check the references section above for vendor advisories and patch information. Affected products include: Weblate Weblate.