Platform: python
Component: weblate
Fixed in: 5.15.2, 5.15.1
CVE-2025-68279 describes an arbitrary file access vulnerability in Weblate. The flaw allows an attacker to read arbitrary files from the server's file system through crafted symbolic links placed inside a repository. Weblate versions prior to 5.15.1 are affected; a fix has been released in version 5.15.1.
The primary impact of CVE-2025-68279 is unauthorized access to sensitive files stored on the server. An attacker could use symbolic link manipulation to bypass the intended access controls and read configuration files, source code, database credentials, or any other file readable by the Weblate process. This could lead to complete compromise of the server and its data. Arbitrary file read significantly expands the attack surface and enables information disclosure that can be used in further attacks.
CVE-2025-68279 was responsibly disclosed by Jason Marcello. As of the publication date (2025-12-18), there is no indication of active exploitation or of a CISA KEV listing. Public proof-of-concept code is not currently available, but the nature of the vulnerability suggests it could be relatively easy to exploit once a PoC is developed. The EPSS score is likely to be assessed as medium, given the potential for data exposure.
Exploit Status
EPSS: 0.07% (20th percentile)
CISA SSVC:
CVSS Vector:
The recommended mitigation for CVE-2025-68279 is to upgrade Weblate to version 5.15.1 or later immediately. If upgrading is not immediately feasible, restrict the Weblate user's file system access to only the directories it needs. Apply strict validation and sanitization to any user-supplied data used to construct file paths, and in particular resolve symbolic links before checking that a path stays inside the repository. While not a direct fix, a Web Application Firewall (WAF) with rules that detect and block attempts to access files via symbolic links can add a further layer of defense. After upgrading, confirm the vulnerability is resolved by attempting to access a restricted file via a symbolic link: the request should be denied.
Upgrade Weblate to version 5.15.1 or later. This version fixes the arbitrary file read vulnerability via symbolic links. The upgrade can be performed through the Python package manager (pip) or by following the upgrade instructions provided by WeblateOrg.
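The mitigation above asks for path validation that is not fooled by symbolic links. The following is an added example, not Weblate's own code and not the upstream fix: it resolves both the repository root and the requested path to their real, symlink-free locations before checking containment, so a link inside the repository that points at a file outside it is rejected. The helper names, the `UnsafePathError` class and the temporary repository layout built in `demo()` are constructed for illustration.

```python
"""Added example (not Weblate's code): refuse repository paths that resolve,
via symbolic links or '..' components, to files outside the repository root.

Assumptions (not from the advisory): the helper names, their signatures and
the constructed temporary layout in demo() are illustrative only.
"""
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested path escapes the repository root."""


def resolve_inside_root(root: str, relative: str) -> str:
    """Return the real path of ``relative`` under ``root``, or raise.

    Both the root and the candidate are passed through os.path.realpath, so
    the containment check is made on symlink-free paths: a link such as
    po/fr.po -> /outside/settings.py is rejected even though its lexical
    path looks like an ordinary repository file.
    """
    real_root = os.path.realpath(root)
    # Reject absolute input outright so the caller cannot bypass ``root``.
    if os.path.isabs(relative):
        raise UnsafePathError(f"absolute path not allowed: {relative!r}")
    candidate = os.path.realpath(os.path.join(real_root, relative))
    # commonpath avoids the string-prefix pitfall where /srv/repo-other
    # would wrongly pass a startswith('/srv/repo') check.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise UnsafePathError(f"{relative!r} resolves outside the repository root")
    return candidate


def is_safe(root: str, relative: str) -> bool:
    """Boolean convenience wrapper around resolve_inside_root."""
    try:
        resolve_inside_root(root, relative)
        return True
    except UnsafePathError:
        return False


def demo() -> dict:
    """Build a constructed repository with one ordinary translation file and
    one symlink that points outside the repository, then run the check on
    several requests. Returns a mapping of case name -> accepted?"""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "repo"
        (root / "po").mkdir(parents=True)
        (root / "po" / "de.po").write_text('msgid ""\nmsgstr ""\n')
        # A constructed stand-in for server configuration living outside the repo.
        secret = Path(tmp) / "settings.py"
        secret.write_text("SECRET_KEY = 'constructed-sample'\n")
        # A repository entry that is a symlink to the file outside the repo.
        (root / "po" / "fr.po").symlink_to(secret)
        return {
            "ordinary_file": is_safe(str(root), "po/de.po"),
            "symlink_escape": is_safe(str(root), "po/fr.po"),
            "dotdot_escape": is_safe(str(root), "../settings.py"),
            "absolute_path": is_safe(str(root), str(secret)),
        }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16s} {'allowed' if accepted else 'rejected'}")
```

Running the block prints one line per case; only the ordinary translation file is allowed. The same check can be used to verify a deployment after the upgrade: a request for a symlinked file that resolves outside the repository must be refused, while normal files under the root continue to work.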
CVE-2025-68279 is a vulnerability in Weblate versions ≤5.9.2 that allows attackers to read arbitrary files on the server via symbolic link manipulation, carrying a CVSS score of 7.7 (HIGH).
You are affected if you are running Weblate version 5.9.2 or earlier. Upgrade to version 5.15.1 or later to mitigate the risk.
Upgrade Weblate to version 5.15.1 or later. If immediate upgrade is not possible, restrict file system access and consider WAF rules.
As of the current disclosure date, there is no evidence of active exploitation, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official Weblate security advisory for detailed information and updates: [https://weblate.org/security/](https://weblate.org/security/)