CVE-2025-67492

5.3 MEDIUM

📋 TL;DR

This vulnerability in Weblate lets an attacker trigger excessive repository update operations by sending crafted webhook payloads to the instance's hook endpoints, potentially causing denial of service through resource exhaustion. It affects Weblate versions prior to 5.15 that have webhooks enabled (the default). Organizations using Weblate for localization management are impacted.

💻 Affected Systems

Products:
  • Weblate
Versions: All versions prior to 5.15
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with webhooks enabled (default configuration).

📦 What is this software?

Weblate is a web-based continuous localization platform that keeps translations in sync with version-control repositories. Code-hosting services (GitHub, GitLab, Bitbucket and others) notify it of new pushes through webhooks, and each accepted hook can schedule a repository update on the affected components, which is the code path this advisory concerns.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption through resource exhaustion, overwhelming system resources with simultaneous repository updates, potentially causing extended downtime.

🟠

Likely Case

Degraded performance and intermittent service interruptions as system resources are consumed by excessive repository update operations.

🟢

If Mitigated

Minimal impact with proper rate limiting and monitoring in place, though some performance degradation may still occur during attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to send crafted webhook payloads to the instance's webhook endpoints; no user interaction is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15

Vendor Advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf

Restart Required: Yes

Instructions:

1. Back up your Weblate instance and database.
2. Update Weblate to version 5.15 or later using your package manager, pip, or the container image.
3. Restart the Weblate service (and its Celery workers).
4. Verify the update was successful by checking the running version.

🔧 Temporary Workarounds

Disable Webhooks (applies to: all versions)

Completely disables webhook functionality, which prevents exploitation but also stops hosting services from notifying Weblate of pushes; repository updates must then be triggered manually or on a schedule until you patch.

Set ENABLE_HOOKS = False in your settings.py (for the official Docker image, the corresponding environment variable is WEBLATE_ENABLE_HOOKS) and restart the service.

🧯 If You Can't Patch

  • Implement strict rate limiting on the webhook endpoints (served under /hooks/) at the reverse proxy, sized to the one-hook-per-push cadence of legitimate hosting services
  • Restrict the /hooks/ endpoints to the source address ranges of the hosting services you actually use, where those ranges are published
  • Deploy WAF rules to detect and block malicious webhook payload patterns
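One way to apply the rate-limiting workaround at the reverse proxy, as an added example that is not part of the advisory or of the Weblate project. It assumes nginx fronts Weblate, that the hook endpoints are served under /hooks/ (the prefix Weblate uses for its GitHub, GitLab, Bitbucket and similar hook URLs), and that the upstream name "weblate", the hostname and the numeric limits are placeholders to tune per site:

```nginx
# Added example: rate-limit Weblate's webhook endpoints in nginx.
# "weblate" (upstream), the server_name and the limits are placeholders.

http {
    # Shared state keyed by client address. Legitimate hosting services
    # fire one hook per push, so one request per second with a small
    # burst is generous; anything beyond that is throttled.
    limit_req_zone $binary_remote_addr zone=weblate_hooks:10m rate=1r/s;
    limit_req_status 429;

    server {
        listen 443 ssl;
        server_name weblate.example.org;
        # TLS certificate directives omitted for brevity.

        location /hooks/ {
            limit_req zone=weblate_hooks burst=5 nodelay;
            limit_req_log_level warn;   # rejected bursts appear in error.log
            proxy_pass http://weblate;
        }

        location / {
            proxy_pass http://weblate;
        }
    }
}
```

The limit is scoped to /hooks/ only, so ordinary users of the web interface are unaffected. If the hosting service you use publishes its webhook source ranges, an `allow`/`deny` pair inside the same `location` block narrows exposure further; the throttle remains useful as a safety net for forwarded or misconfigured traffic.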

🔍 How to Verify

Check if Vulnerable:

Check Weblate version: if version < 5.15 and webhooks are enabled, system is vulnerable.

Check Version:

Run weblate list_versions (prints the Weblate version together with its dependencies), pip show weblate for pip-based installs, or open the About page in the web interface's admin panel.

Verify Fix Applied:

Verify Weblate version is 5.15 or higher and test webhook functionality remains operational.
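A small check that turns the version rule above into code, as an added example that is not part of the advisory or of Weblate. The fixed version (5.15) and the ENABLE_HOOKS setting come from this page; the sample `weblate list_versions` output is constructed, and its exact layout is an assumption (the parser only needs a line containing "Weblate" followed by a version number). The point worth showing is that versions must be compared numerically: a plain string comparison ranks "5.9" above "5.15" and would report a vulnerable instance as fixed.

```python
"""Added example: decide whether a Weblate install is in the affected range.

Not part of the advisory or of Weblate. The sample listing below is
constructed and its layout is an assumption.
"""
import re

FIXED_IN = (5, 15)  # first fixed release per the advisory

# Constructed sample of `weblate list_versions`-style output (layout assumed).
SAMPLE_LISTING = """\
 * Weblate: 5.14.2
 * Django: 5.1.4
 * translate-toolkit: 3.14.1
"""


def parse_version(text):
    """Return a comparable tuple of ints from a version string.

    Comparing as strings would wrongly rank "5.9" above "5.15"; the tuple
    form avoids that. A pre-release suffix such as "5.15rc1" is dropped
    because the advisory gives no finer boundary than 5.15 itself.
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def weblate_version_from_listing(listing):
    """Pull the Weblate version out of list_versions-style output."""
    for line in listing.splitlines():
        if re.search(r"\bWeblate\b", line):
            return parse_version(line.split("Weblate", 1)[1])
    raise ValueError("no Weblate line found in listing")


def is_vulnerable(version, hooks_enabled=True):
    """Affected when older than 5.15 and webhooks are enabled (the default)."""
    return hooks_enabled and parse_version(version) < FIXED_IN


if __name__ == "__main__":
    found = weblate_version_from_listing(SAMPLE_LISTING)
    label = ".".join(str(p) for p in found)
    print(f"Weblate {label}: {'VULNERABLE' if is_vulnerable(label) else 'fixed'}")
```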

📡 Detection & Monitoring

Log Indicators:

  • Multiple repository update operations triggered in rapid succession
  • Unusual webhook activity patterns
  • Resource exhaustion warnings in system logs

Network Indicators:

  • High volume of webhook requests to Weblate endpoints
  • Unusual payload patterns in webhook traffic

SIEM Query:

source="weblate" ("repository update" OR "webhook") | bin _time span=5m | stats count by _time, src_ip, user_agent | where count > <threshold>

Replace <threshold> with a value above the hook rate your hosting services legitimately produce (one hook per push); bucketing by time keeps the count from accumulating over the whole search window.

🔗 References

  • GHSA-pj86-258h-qrvf (vendor advisory): https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf