Description

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

INFO

Published Date :

2025-06-16T20:57:52.509Z

Last Modified :

2025-06-17T18:52:13.582Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47951 vulnerability.

Vendors Products
Weblate
  • Weblate
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47951.

URL Resource
https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/pull/14918 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q cve-icon cve-icon
https://hackerone.com/reports/3150564 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact