CVE-2025-47951

Published Jun 16, 2025

Last updated a day ago

CVSS medium 4.9

Overview

Description: Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.9
Impact score: 2.7
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-307

Hype score: Not currently trending

CVE-2025-47951 Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting … https://t.co/Rzsu27LHhy
@CVEnew
16 Jun 2025
583 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C3367BD-4AF1-4FFF-B652-AF187F10F9A8",
            "versionEndExcluding": "5.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.