CVE-2025-64326 LOW

CVE-2025-64326: Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Vendor Weblateorg
Product weblate
Weakness CWE-212
Published November 6, 2025
Last update November 6, 2025

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Key dates

02Disclosure timeline

November 6, 2025 CVE published
November 6, 2025 Record updated