CVE-2025-49134 LOW

CVE-2025-49134: Weblate exposes personal IP address via e-mail

Vendor: Weblateorg
Product: weblate
Weakness: CWE-359
Published: June 16, 2025
Last update: June 17, 2025

CVSS base score

2.1/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

Weblate is a web-based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. Third-party servers that process these notifications, such as SMTP relays or spam filters, could obtain the address. This issue has been patched in version 5.12.

Key dates

02 Disclosure timeline

June 16, 2025 CVE published
June 17, 2025 Record updated