CNNVD-202512-3332 Information

CNNVD ID

CNNVD-202512-3332

Related CVE

CVE-2025-68279

• CNNVD Published: 2025-12-18

Description (Chinese)

Weblate是Weblate开源的一个 Copyleft 的基于 web 的自由软件持续本地化系统。 Weblate 5.15.1之前版本存在信息泄露漏洞，该漏洞源于特制符号链接处理不当，可能导致读取服务器文件系统任意文件。

Description (English)

Weblate is a weblate open source, a web-based free software-based localization system. There was an information leak in the pre-Weblate 5.15.1 version, which stemmed from the mishandling of unique symbol links, which could lead to the reading of any document in the server file system.

Hazard Level

Medium

Vulnerability Type

信息泄露

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/WeblateOrg/weblate/pull/17331 https://github.com/WeblateOrg/weblate/pull/17356 https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7

Patch

https://weblate.org/zh-hans/download/