CVE-2025-68398

9.1 CRITICAL

📋 TL;DR

This vulnerability in Weblate allows remote attackers to overwrite Git configuration settings, potentially altering Git behavior and enabling further attacks. It affects all Weblate instances running versions before 5.15.1. The high CVSS score indicates significant security impact.

💻 Affected Systems

Products:
  • Weblate
Versions: All versions prior to 5.15.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Weblate deployments with default configurations are vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution, data corruption, or complete system compromise through manipulated Git operations

🟠

Likely Case

Unauthorized modification of translation repositories, injection of malicious code, or disruption of localization workflows

🟢

If Mitigated

Limited impact if network segmentation and access controls prevent unauthorized access to Weblate interface

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to Weblate interface but no authentication bypass

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15.1

Vendor Advisory: https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1

Restart Required: Yes

Instructions:

1. Backup your Weblate data and configuration.
2. Update to Weblate 5.15.1 using your package manager or pip.
3. Restart Weblate services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to Weblate interface to trusted IP addresses only

# Configure firewall rules to limit access
# Example: iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
# Example: iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit Weblate access
  • Enable detailed logging and monitoring for suspicious Git configuration changes

🔍 How to Verify

Check if Vulnerable:

Check the Weblate version: if it is lower than 5.15.1, the system is vulnerable

Check Version:

weblate --version

Verify Fix Applied:

Confirm Weblate version is 5.15.1 or higher and review Git configuration files for unauthorized changes
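The version check above, as an added example that is not part of the original page or of the Weblate project: a small POSIX sh script that parses the version out of whatever `weblate --version` prints and compares it numerically against the fixed release 5.15.1, so that "5.15.0" is reported as vulnerable and "5.16" as fixed. It assumes the output contains the version as a dotted X.Y.Z token (the exact output format is not stated on this page); the sample strings fed to it are constructed here so the script runs without Weblate installed.

```shell
#!/bin/sh
# Added example, not code from the original page or the Weblate project.
# Compares a Weblate version string against the fixed release 5.15.1.
# ASSUMPTION: `weblate --version` prints a line containing the version as
# X.Y.Z (for example "Weblate 5.15.1"); surrounding text is tolerated.

FIXED_VERSION="5.15.1"

# Print the first dotted numeric version token found in the argument.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Return 0 if version $1 is strictly lower than version $2, else 1.
# Missing components are treated as 0, so "5.15" compares as "5.15.0".
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Exit 0 if the string denotes a vulnerable (pre-5.15.1) release,
# 1 if it is at or above the fix, 2 if no version could be parsed.
is_vulnerable() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    if version_lt "$v" "$FIXED_VERSION"; then
        return 0
    fi
    return 1
}

# Constructed sample inputs standing in for `weblate --version` output.
# On a live host run: is_vulnerable "$(weblate --version 2>&1)"
for sample in "Weblate 5.14.2" "Weblate 5.15.0" "Weblate 5.15.1" "Weblate 5.16"; do
    is_vulnerable "$sample"
    rc=$?
    case $rc in
        0) echo "$sample: VULNERABLE, upgrade to $FIXED_VERSION" ;;
        1) echo "$sample: fixed" ;;
        *) echo "$sample: could not parse a version" ;;
    esac
done
```

The comparison is done component by component rather than as a string so that a two-digit minor version such as 5.15 sorts after 5.9, which a plain lexical comparison would get wrong.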

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Git configuration changes
  • Unauthorized access attempts to Weblate admin interface
  • Unusual Git operations in Weblate logs

Network Indicators:

  • Unusual traffic patterns to Weblate Git endpoints
  • Suspicious requests modifying configuration parameters

SIEM Query:

source="weblate.logs" AND ("git config" OR "configuration change")

🔗 References