CVE-2025-47951 Information

Description

Weblate is a web based localization tool. Prior to version 5.12 the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Reference

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384 https://github.com/WeblateOrg/weblate/pull/14918 https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q https://hackerone.com/reports/3150564

Related CNNVD

CNNVD-202506-1928 (Published: 2025-06-16)