Platform: python
Component: weblate
Fixed in: 5.15.2, 5.15.1
CVE-2025-68398 is a critical Remote Code Execution (RCE) vulnerability affecting Weblate versions up to 5.9.2. It allows an attacker to remotely overwrite Git configuration files, which can be used to alter Git's behaviour and execute arbitrary code. The vulnerability was responsibly disclosed and is fixed in version 5.15.1.
The core of the vulnerability is that Weblate's Git configuration can be modified remotely. A successful attacker can inject commands into Git's settings and effectively hijack the version control system. This could lead to unauthorized code changes, data exfiltration, and complete compromise of the Weblate instance and potentially the underlying server. The impact is particularly severe because Git typically manages source code and other sensitive files. A compromised Git configuration could also be used to keep persistent access to the system even after the initial vulnerability is patched.
CVE-2025-68398 was publicly disclosed on December 18, 2025. Its impact and ease of exploitation suggest a potential for active exploitation, though no confirmed exploitation campaigns have been publicly reported as of this date. The responsible disclosure by the researcher may have helped prevent widespread exploitation. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Exploit Status
EPSS: 0.66% (71st percentile)
CISA SSVC: not available
CVSS Vector: not available
The primary mitigation for CVE-2025-68398 is to upgrade Weblate to version 5.15.1 or later immediately. Before upgrading, back up the Weblate database and Git repositories to preserve data integrity. If an upgrade is not immediately feasible, restrict access to the Weblate instance and monitor Git activity closely for suspicious changes. Strict access controls and regular audits of Git configuration files are not a complete solution, but they reduce the attack surface. After upgrading, verify the integrity of the Git repositories and the Weblate configuration to confirm that no malicious modifications were made.
Update Weblate to version 5.15.1 or higher. This corrects the flaw that allows Git configuration overwriting and potential remote code execution. The update can be performed through the Python package manager (pip) or by following the upgrade instructions provided by WeblateOrg.
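To support the version check and the Git configuration audit recommended above, here is an added example in Python (not code from the advisory or from the Weblate project): it compares an installed version string against the fixed release 5.15.1 and diffs a repository's Git config text against a trusted baseline snapshot, reporting any key that was added, removed, or changed. The two config texts and their remote URLs are constructed for illustration.

```python
"""Added example (not from the advisory or the Weblate project): version check
against the fixed release plus a baseline diff of a repository's .git/config."""
import configparser

FIXED_VERSION = (5, 15, 1)  # first fixed release named by the advisory

# Constructed sample configs: a trusted baseline snapshot and a later copy.
BASELINE_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://git.example.invalid/translations.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""
CURRENT_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://mirror.example.invalid/translations.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[user]
\tname = unexpected-entry
"""

def parse_version(text):
    """'5.9.2' -> (5, 9, 2); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def needs_upgrade(version_text):
    """True when the installed version predates the fixed release."""
    return parse_version(version_text) < FIXED_VERSION

def load_git_config(text):
    """Parse git-config text (INI-like) into a flat {'section.key': value} map."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)  # keys are lowercased, like Git's case-insensitive keys
    return {f"{s}.{k}": v for s in parser.sections() for k, v in parser[s].items()}

def audit_git_config(baseline_text, current_text):
    """Report keys added, removed, or changed relative to the baseline snapshot."""
    base, cur = load_git_config(baseline_text), load_git_config(current_text)
    return {
        "added": sorted(k for k in cur if k not in base),
        "removed": sorted(k for k in base if k not in cur),
        "changed": sorted(k for k in base if k in cur and base[k] != cur[k]),
    }
```

Any non-empty "added" or "changed" entry in the report is a change that should be explained by a known deployment step; otherwise treat the repository as suspect until reviewed.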
CVE-2025-68398 is a critical Remote Code Execution vulnerability in Weblate versions 5.9.2 and earlier, allowing attackers to overwrite Git configuration and potentially execute arbitrary code.
If you are running Weblate version 5.9.2 or earlier, you are affected by this RCE. Upgrade to 5.15.1 or later to mitigate the risk.
Upgrade Weblate to version 5.15.1 or later. Back up your database and Git repositories before upgrading.
While no confirmed exploitation campaigns have been publicly reported, the vulnerability's impact suggests a potential for exploitation. Monitor your Weblate instance closely.
Refer to the official Weblate security advisory for detailed information and updates: [https://weblate.org/security/](https://weblate.org/security/)