CNNVD-202512-2750 Information

CNNVD ID

CNNVD-202512-2750

CVE-2025-66407

  • CNNVD Published: 2025-12-16

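Description (translated from Chinese)

Weblate is a copyleft, web-based, free-software continuous localization system from the Weblate open-source project. Versions of Weblate before 5.15 contain a cross-site request forgery vulnerability. It stems from the repository URL field in the create-component function not being validated or sanitized, and may lead to server-side request forgery and local file enumeration.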

Description (English)

Weblate is an open-source, web-based free-software localization system from Weblate. Versions of Weblate before 5.15 have a cross-site request forgery vulnerability, which originates from the repository URL field in the component creation function not being validated or sanitized, and which could lead to server-side request forgery and local file enumeration.

Hazard Level

High

Vulnerability Type

Cross-site request forgery

Affected Vendor

Weblate

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/WeblateOrg/weblate/pull/17102
  • https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hfpv-mc5v-p9mm
  • https://github.com/WeblateOrg/weblate/pull/17103
  • https://access.redhat.com/security/cve/cve-2025-66407

Patch

https://weblate.org/zh-hans/download/
