CVE-2025-68279

7.7 HIGH

📋 TL;DR

This vulnerability in Weblate allows an attacker to read arbitrary files from the server file system by committing a crafted symbolic link to a repository that Weblate processes. When Weblate reads the file, the link is followed, so the link target (any file readable by the account the Weblate service runs as) is exposed. It affects all Weblate installations prior to version 5.15.1. Attackers could access sensitive configuration files, credentials, or other system data.

💻 Affected Systems

Products:
  • Weblate
Versions: All versions prior to 5.15.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Weblate installations using the affected versions are vulnerable regardless of configuration.

📦 What is this software?

Weblate is a web-based continuous localization platform. It clones translation projects from version control repositories, lets translators edit the translation files through a web interface and API, and commits the results back. Because it reads and writes files inside these checkouts on the server, a symbolic link committed to a repository is processed by the Weblate server itself rather than by a translator's machine.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive files like SSH keys, database credentials, or configuration secrets leading to lateral movement or data exfiltration.

🟠

Likely Case

Unauthorized access to sensitive files containing API keys, passwords, or proprietary data stored on the server.

🟢

If Mitigated

Limited file access restricted by file permissions and proper repository isolation, potentially only accessing non-sensitive files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires the ability to get a symbolic link into repository content that Weblate processes. In practice that means commit, push or upload access to a project's repository; anyone who can commit to the upstream repository Weblate pulls from has that ability as well, so the attacker is not necessarily a Weblate user. Once the link is in place no further interaction is needed, which is why the complexity is rated LOW.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15.1

Vendor Advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7

Restart Required: Yes

Instructions:

1. Back up your Weblate instance and database.
2. Update to Weblate version 5.15.1 or later using your package manager or installation method (pip, Docker image, distribution package).
3. Restart the Weblate service, including the Celery workers.
4. Verify the running version is 5.15.1 or later (see How to Verify below).

🔧 Temporary Workarounds

Restrict repository access

Platform: all

Limit who can create or modify repositories to trusted users only

File system permissions hardening

Platform: linux

Set strict file permissions on sensitive directories and files outside the repository scope, so that a symlink followed by the Weblate process only reaches files that account may read anyway. The paths below are typical for a system install; they differ for pip and Docker deployments, and the files must remain readable by the account the Weblate service runs as. This limits the blast radius but does not remove the bug, since anything Weblate itself needs (its own settings.py, database credentials) stays readable.

chmod 600 /etc/weblate/settings.py
chmod 700 /var/lib/weblate

🧯 If You Can't Patch

  • Implement strict access controls on repository creation and modification, including on the upstream repositories Weblate pulls from
  • Scan every checkout for symbolic links whose target resolves outside the repository, and reject or remove such links before Weblate processes them
  • Monitor reads of sensitive files by the Weblate process and audit repository content regularly
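The following is an added example, not Weblate's code and not taken from the advisory. It shows the mechanism behind the exploit status above and the repository audit recommended in the workaround list: a constructed checkout containing a symlink to a file outside it, a naive reader that follows the link (the vulnerable pattern), a scanner that flags links whose target resolves outside the checkout, and a hardened reader that rejects traversal, escaping links and symlinked leaves. All paths, file names and the secret's contents are constructed for the example; O_NOFOLLOW is assumed to be available (Linux/BSD).

```python
"""Symlink-escape check for VCS checkouts (added example, not Weblate code)."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def is_contained(path: Path, root: Path) -> bool:
    """True if path, with every symlink resolved, still lies under root.

    Dangling links raise FileNotFoundError on resolve and are treated as
    not contained, which is the conservative choice for an audit.
    """
    real_root = root.resolve()
    try:
        real = path.resolve(strict=True)
    except FileNotFoundError:
        return False
    return real == real_root or real_root in real.parents


def find_escaping_symlinks(root: Path) -> list[tuple[Path, Path]]:
    """Walk a checkout (without following links) and list symlinks whose
    target leaves the checkout, as (repo-relative link, raw link target)."""
    escaping = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if entry.is_symlink() and not is_contained(entry, root):
                escaping.append((entry.relative_to(root), Path(os.readlink(entry))))
    return escaping


def read_repo_file_vulnerable(root: Path, relpath: str) -> bytes:
    """Naive reader: join and open. A symlink committed into the repository
    is followed, so the file it points at is returned to the requester."""
    return (root / relpath).read_bytes()


def read_repo_file_hardened(root: Path, relpath: str) -> bytes:
    """Reject traversal, links that escape the checkout, and symlinked leaves."""
    rel = Path(relpath)
    if rel.is_absolute() or ".." in rel.parts:
        raise PermissionError(f"traversal rejected: {relpath}")
    target = root / rel
    if not target.exists():
        raise FileNotFoundError(relpath)
    # Resolving every component catches a symlinked *directory* on the way down.
    if not is_contained(target, root):
        raise PermissionError(f"path leaves checkout: {relpath}")
    # Translation files are never symlinks: O_NOFOLLOW makes the kernel enforce
    # that on the leaf, even if a link is swapped in after the check above.
    try:
        fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:  # ELOOP when the leaf is a symlink
        raise PermissionError(f"symlink rejected: {relpath}") from exc
    with os.fdopen(fd, "rb") as fh:
        return fh.read()


def blocked(root: Path, relpath: str) -> bool:
    """True if the hardened reader refuses relpath."""
    try:
        read_repo_file_hardened(root, relpath)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    """Constructed checkout: a secret next to the repo and a link pointing at it."""
    base = Path(tempfile.mkdtemp(prefix="symlink-demo-"))
    secret = base / "settings.py"  # stands in for the server's settings file
    secret.write_text("SECRET_KEY = 'constructed-example'\n")
    repo = base / "repo"
    (repo / "locale").mkdir(parents=True)
    (repo / "locale" / "de.po").write_text('msgid "Hello"\nmsgstr "Hallo"\n')
    os.symlink(secret, repo / "locale" / "fr.po")      # the attacker's commit
    os.symlink("de.po", repo / "locale" / "de_AT.po")  # in-repo link, still a symlink
    return {
        "escaping": [str(link) for link, _ in find_escaping_symlinks(repo)],
        "vulnerable_read": read_repo_file_vulnerable(repo, "locale/fr.po"),
        "hardened_blocks_escape": blocked(repo, "locale/fr.po"),
        "hardened_blocks_dotdot": blocked(repo, "../settings.py"),
        "hardened_blocks_inrepo_link": blocked(repo, "locale/de_AT.po"),
        "hardened_reads_plain": read_repo_file_hardened(repo, "locale/de.po"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running find_escaping_symlinks over each checkout after every pull or upload is the audit step; the hardened reader shows why a containment check alone is not enough (it still has a window between check and open), which is what the O_NOFOLLOW flag closes for the leaf.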

🔍 How to Verify

Check if Vulnerable:

Look up the running Weblate version in the admin interface, or with Weblate's management command, which lists the Weblate version together with its dependencies:

weblate list_versions

Check Version:

weblate list_versions

Note that weblate --version goes through Django's management utility and reports the Django version, not Weblate's, so it is not a reliable check.

Verify Fix Applied:

Confirm the version is 5.15.1 or later. Then, in a throwaway test project, commit a symbolic link pointing at a harmless file outside the repository (for example /etc/hostname) and confirm that Weblate no longer exposes the link target's contents through the web interface, API or downloads.

📡 Detection & Monitoring

Log Indicators:

  • Weblate's own logs do not record file-system reads, so file-level indicators have to come from host auditing (for example auditd watches on settings.py, database credentials and SSH keys, scoped to the Weblate service account)
  • Reads of files outside the Weblate data directory by the Weblate web or Celery worker processes
  • Commits or uploads that add symbolic links to translation repositories

Network Indicators:

  • Unusual data exfiltration from the Weblate server

SIEM Query:

source="weblate" AND (event="file_access" OR event="repository_operation") AND path NOT CONTAINS "/var/lib/weblate/"

This query is schematic: the source and event names assume a normalized log source, and the path field has to be populated from host auditing, since Weblate itself does not emit file_access events. Adapt the field names and the data directory to your SIEM and installation.

🔗 References

  • Vendor advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7