Description

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an attacker-controlled site. The redirect can also be used to initiate drive-by downloads (redirecting to a URL that serves a malicious file), increasing the risk to end users. This issue is fixed in version 5.13.3.

INFO

Published Date :

2025-10-01T22:01:00.707Z

Last Modified :

2025-10-01T22:01:00.707Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61587 vulnerability.

Vendors Products
Weblate
  • Weblate
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61587.

URL Resource
https://github.com/WeblateOrg/docker/commit/76518342f65b8af8c2b7f7c5d37f84813c1253a1 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/commit/6b3d73a310279b5630bca8cbd9ea0be28bc67b63 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/commit/ec3b900f8a52c5c992d9e7014f09397e159ac381 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3xhv-r4gx-xw99 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability