Login Sign Up

CVE-2025-61587

6.1 MEDIUM
Open Redirect

📋 TL;DR

This CVE describes an open redirect vulnerability in Weblate versions 5.13.2 and below when configured with Anubis and REDIRECT_DOMAINS is not set. Attackers can craft malicious URLs that redirect users from legitimate Weblate domains to attacker-controlled sites, potentially enabling phishing attacks or drive-by downloads. Organizations running vulnerable Weblate instances with specific configurations are affected.

💻 Affected Systems

Products:
  • Weblate
Versions: 5.13.2 and below
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when configured with Anubis and REDIRECT_DOMAINS is not set

📦 What is this software?

Weblate by Weblate

View all CVEs affecting Weblate →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users are redirected to malicious sites that deliver malware via drive-by downloads, leading to system compromise, credential theft, or ransomware infection.

🟠

Likely Case

Phishing attacks where users are tricked into visiting fake login pages or malicious sites, potentially leading to credential harvesting.

🟢

If Mitigated

Redirects are blocked or users are warned about external links, minimizing the risk of successful attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a malicious URL with the redir parameter

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.13.3

Vendor Advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3xhv-r4gx-xw99

Restart Required: Yes

Instructions:

1. Backup your Weblate instance. 2. Update to version 5.13.3 or later using your package manager or Docker. 3. Restart the Weblate service. 4. Verify the update was successful.

🔧 Temporary Workarounds

Set REDIRECT_DOMAINS

all

Configure REDIRECT_DOMAINS environment variable to restrict allowed redirect domains

export REDIRECT_DOMAINS=yourdomain.com

Disable Anubis Integration

all

Remove or disable Anubis configuration if not required

Modify Weblate configuration to remove Anubis settings

🧯 If You Can't Patch

  • Implement web application firewall rules to block URLs containing suspicious redir parameters
  • Configure reverse proxy to validate and sanitize redirect URLs before reaching Weblate

🔍 How to Verify

Check if Vulnerable:

Check Weblate version and configuration: 1. Verify version is 5.13.2 or below. 2. Check if Anubis is configured. 3. Verify REDIRECT_DOMAINS is not set.

Check Version:

weblate --version

Verify Fix Applied:

1. Confirm version is 5.13.3 or higher. 2. Test that redirects to external domains are blocked or properly validated.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with redir parameter pointing to external domains
  • Unusual redirect patterns in access logs

Network Indicators:

  • Outbound connections to unexpected domains following Weblate redirects

SIEM Query:

source="weblate" AND (url="*redir=*" OR status=302 OR status=301)

📊 Metadata

CVE ID: CVE-2025-61587
CVSS v3 Score: 6.1 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-601
EPSS Score: 0.06% exploit probability (19.3th percentile)
Published: October 1, 2025
Last Updated: October 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61587, you might also want to check these:

CVE-2025-43526 9.8

A URL validation vulnerability in macOS and Safari allows web content opened via file URLs to bypass...

Same vulnerability type (CWE-601)
CVE-2025-55031 9.8

This vulnerability in Firefox and Focus for iOS allows malicious web pages to trigger hybrid passkey...

Same vulnerability type (CWE-601)
CVE-2024-22891 9.8

CVE-2024-22891 is a critical remote code execution vulnerability in Nteract v0.28.0 that allows atta...

Same vulnerability type (CWE-601)