CVE-2025-58352 LOW

CVE-2025-58352: Weblate has long session expiry times during second factor verification

Vendor Weblateorg
Product weblate
Weakness CWE-613 · Insufficient session expiration
Published September 4, 2025
Last update September 5, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Passive
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Weblate is a web-based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during second-factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

Key dates

02 Disclosure timeline

September 4, 2025 CVE published
September 5, 2025 Record updated