CVE-2025-64725: Weblate has improper validation upon invitation acceptance
It was possible to accept an invitation opened by a different Weblate user.
References
- github.com/WeblateOrg/weblate
- github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9
- github.com/WeblateOrg/weblate/pull/16913
- github.com/WeblateOrg/weblate/releases/tag/weblate-5.15
- github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj
- github.com/advisories/GHSA-m6hq-f4w9-qrjj
- nvd.nist.gov/vuln/detail/CVE-2025-64725