Weblate has git config file overwrite vulnerability that leads to...

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

AI Analysis

Git configuration overwrite vulnerability leading to remote code execution

Basic Information

ID CVE-2025-68398

Source GitHub_M

Published Dec 18, 2025 at 23:00

Affected Product

Vendor WeblateOrg

Product weblate

Version < 5.15.1

Affected Versions WeblateOrg weblate < 5.15.1

CWE Classification

CWE-20 CWE-22 CWE-434

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor WeblateOrg

Product Weblate

Version < 5.15.1

References

{
    "lastseen": "",
    "description": "Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.",
    "published": "2025-12-18T23:00:57.790Z",
    "modified": "2025-12-18T23:00:57.790Z",
    "type": "cve",
    "title": "Weblate has git config file overwrite vulnerability that leads to remote code execution",
    "source": "GitHub_M",
    "references": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3\nhttps://github.com/WeblateOrg/weblate/pull/17330\nhttps://github.com/WeblateOrg/weblate/pull/17345\nhttps://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1",
    "id": "CVE-2025-68398",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-22",
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "WeblateOrg weblate < 5.15.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "weblate",
    "version": "< 5.15.1",
    "vendor": "WeblateOrg",
    "ai_description": "Git configuration overwrite vulnerability leading to remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "WeblateOrg",
    "ai_product": "Weblate",
    "ai_version": "< 5.15.1",
    "ai_score": 9.1
}

Weblate has git config file overwrite vulnerability that leads to remote code execution_CVE-2025-68398