Weblate has long session expiry times during second factor verification

2.1 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

Basic Information

ID CVE-2025-58352

Source GitHub_M

Published Sep 4, 2025 at 23:28

Affected Product

Vendor WeblateOrg

Product weblate

Version < 5.13.1

Affected Versions WeblateOrg weblate < 5.13.1

CWE Classification

CWE-613

References

{
    "lastseen": "",
    "description": "Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the  second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.",
    "published": "2025-09-04T23:28:26.035Z",
    "modified": "2025-09-04T23:28:26.035Z",
    "type": "cve",
    "title": "Weblate has long session expiry times during second factor verification",
    "source": "GitHub_M",
    "references": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728\nhttps://github.com/WeblateOrg/weblate/pull/16002\nhttps://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908",
    "id": "CVE-2025-58352",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "WeblateOrg weblate < 5.13.1",
    "sourceHref": "",
    "cvss": {
        "score": 2.1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "weblate",
    "version": "< 5.13.1",
    "vendor": "WeblateOrg",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Weblate has long session expiry times during second factor verification_CVE-2025-58352