← Back
2025-09-04 23:28CVE-2025-58352GitHub_M
PUBLISHED5.1CWE-613

Weblate has long session expiry times during second factor verification

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

Problem type

Affected products

WeblateOrg

weblate

< 5.13.1 - AFFECTED

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728

x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/16002

https://github.com/WeblateOrg/weblate/pull/16002

x_refsource_MISC
https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908

https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908

x_refsource_MISC

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "CVE-2025-58352",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2025-09-04T23:28:26.035Z",
    "dateReserved": "2025-08-29T16:19:59.009Z",
    "datePublished": "2025-09-04T23:28:26.035Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2025-09-04T23:28:26.035Z"
      },
      "title": "Weblate has long session expiry times during second factor verification",
      "descriptions": [
        {
          "lang": "en",
          "value": "Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the  second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1."
        }
      ],
      "affected": [
        {
          "vendor": "WeblateOrg",
          "product": "weblate",
          "versions": [
            {
              "version": "< 5.13.1",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-613: Insufficient Session Expiration",
              "cweId": "CWE-613",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728",
          "name": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        },
        {
          "url": "https://github.com/WeblateOrg/weblate/pull/16002",
          "name": "https://github.com/WeblateOrg/weblate/pull/16002",
          "tags": [
            "x_refsource_MISC"
          ]
        },
        {
          "url": "https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908",
          "name": "https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908",
          "tags": [
            "x_refsource_MISC"
          ]
        }
      ],
      "metrics": [
        {}
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-58352