Platform
python
Component
weblate
Fixed in
5.15.2
5.15.1
CVE-2025-68398 is a critical Remote Code Execution (RCE) vulnerability affecting Weblate versions up to 5.9.2. This flaw allows attackers to remotely overwrite Git configuration files, potentially enabling them to manipulate Git's behavior and execute arbitrary code. The vulnerability was responsibly disclosed and a fix is available in version 5.15.1.
The core of this vulnerability lies in the ability to remotely modify Weblate's Git configuration. Successful exploitation allows an attacker to inject malicious commands into Git's settings, effectively hijacking the version control system. This could lead to unauthorized code modifications, data exfiltration, and complete compromise of the Weblate instance and potentially the underlying server. The impact is particularly severe because Git is often used for managing source code and other sensitive files, making this a high-value target for attackers. A compromised Git configuration could also be leveraged to gain persistent access to the system, even after the initial vulnerability is patched.
CVE-2025-68398 was publicly disclosed on December 18, 2025. The vulnerability's impact and ease of exploitation suggest a potential for active exploitation, though no confirmed exploitation campaigns have been publicly reported as of this date. The responsible disclosure indicates a proactive approach by the researcher, which may have helped prevent widespread exploitation. No KEV listing is currently available.
Organizations utilizing Weblate for translation management, particularly those with public-facing instances or those integrating Weblate with sensitive code repositories, are at significant risk. Shared hosting environments where multiple users share a Weblate instance are also particularly vulnerable, as a compromise could affect all users on the shared server.
• python / server:

```python
import subprocess

def check_git_config(config_file):
    """Dump the settings stored in a Git config file so that unexpected
    or suspicious entries can be reviewed."""
    try:
        result = subprocess.run(
            ['git', 'config', '--file', config_file, '--list'],
            capture_output=True, text=True, check=True,
        )
        return result.stdout
    except (subprocess.CalledProcessError, FileNotFoundError) as e:
        # git not installed, file missing, or unparsable config
        return f"Error: {e}"

# Example usage:
config_file = '.git/config'  # Adjust path as needed
output = check_git_config(config_file)
print(output)
```

• generic web: Check Weblate configuration files for unexpected or suspicious entries. Review access logs for unusual activity related to Git configuration changes.
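Dumping the config is only half of the check; a reviewer still has to know which entries matter. The following is an added example (not code from the page or from the Weblate project) that parses a Git config file directly and flags the settings through which Git launches external programs, so that an overwritten config can be triaged without running `git` against it. The list of risky keys is an illustrative assumption drawn from Git's documented hook and command settings, not an exhaustive list, and a flagged entry such as a legitimate `filter.lfs.clean` still needs a human to confirm it is expected; the sample config is constructed.

```python
"""Audit a Git config file for settings that make Git run external programs.

Added example, not from the original page or the Weblate project. RISKY_KEYS
and RISKY_PATTERNS are an illustrative, assumed list; review findings by hand.
"""
import re
from pathlib import Path

# Settings that cause Git to execute a program when the repository is used.
RISKY_KEYS = {
    "core.hookspath", "core.sshcommand", "core.gitproxy", "core.pager",
    "core.editor", "core.fsmonitor", "diff.external", "credential.helper",
    "uploadpack.packobjectshook", "gpg.program", "sequence.editor",
}
# Subsection-scoped settings, e.g. filter.<name>.clean or merge.<name>.driver.
RISKY_PATTERNS = [
    re.compile(r"^filter\..+\.(clean|smudge|process)$"),
    re.compile(r"^diff\..+\.(command|textconv)$"),
    re.compile(r"^merge\..+\.driver$"),
    re.compile(r"^alias\..+$"),
]

# [section] or [section "subsection"]
_SECTION_RE = re.compile(r'^\[([^\s"\]]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')


def parse_git_config(text):
    """Return (full_key, value) pairs. Section and key names are lowercased,
    as Git treats them; subsection names keep their case."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            if m.group(2) is not None:
                section += "." + m.group(2)
            continue
        if section is None:
            continue  # a key outside any section is not valid Git config
        key, _, value = line.partition("=")
        key = key.strip().lower()
        value = value.strip()
        if value.startswith('"'):
            value = value.strip('"')
        else:
            # drop a trailing unquoted comment: "value ; note" -> "value"
            value = re.split(r"\s[;#]", value, maxsplit=1)[0].strip()
        entries.append((f"{section}.{key}", value))
    return entries


def audit_git_config(text):
    """Return (key, value, reason) for every setting that runs a program."""
    findings = []
    for key, value in parse_git_config(text):
        if key in RISKY_KEYS:
            findings.append((key, value, "Git runs this as an external program"))
        elif any(p.match(key) for p in RISKY_PATTERNS):
            findings.append((key, value, "Git runs this per-subsection command"))
    return findings


def audit_git_config_file(path):
    """Convenience wrapper for auditing an on-disk config such as .git/config."""
    return audit_git_config(Path(path).read_text(encoding="utf-8"))


# Constructed sample: a server-side repository config with one injected hook path.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
\thooksPath = /tmp/hooks   ; unexpected on a server repository
[remote "origin"]
\turl = https://example.invalid/project.git
[filter "lfs"]
\tclean = git-lfs clean -- %f
"""

if __name__ == "__main__":
    for key, value, reason in audit_git_config(SAMPLE_CONFIG):
        print(f"{key} = {value}  ({reason})")
```

Run it against each repository Weblate manages (for example `audit_git_config_file("/path/to/repo/.git/config")`, path assumed) and compare the findings with what the deployment is known to set; any entry nobody can account for is the signal to look for.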
disclosure
Exploit status
EPSS
0.66% (percentile 71%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68398 is to immediately upgrade Weblate to version 5.15.1 or later. Before upgrading, it's crucial to back up your Weblate database and Git repositories to ensure data integrity. If an upgrade is not immediately feasible, consider restricting access to the Weblate instance and closely monitoring Git activity for any suspicious changes. While not a complete solution, implementing strict access controls and regularly auditing Git configuration files can help reduce the attack surface. After upgrading, verify the integrity of your Git repositories and Weblate configuration to ensure no malicious modifications have been made.
Update Weblate to version 5.15.1 or later. This fixes the vulnerability that allows the Git configuration to be overwritten and potentially leads to remote code execution. The update can be performed via the Python package manager (pip) or by following the upgrade instructions provided by WeblateOrg.
CVE-2025-68398 is a critical Remote Code Execution vulnerability in Weblate versions 5.9.2 and earlier, allowing attackers to overwrite Git configuration and potentially execute arbitrary code.
If you are running Weblate version 5.9.2 or earlier, you are exposed to this RCE vulnerability. Upgrade to 5.15.1 or later to mitigate the risk.
Upgrade Weblate to version 5.15.1 or later. Back up your database and Git repositories before upgrading.
While no confirmed exploitation campaigns have been publicly reported, the vulnerability's impact suggests a potential for exploitation. Monitor your Weblate instance closely.
Refer to the official Weblate security advisory for detailed information and updates: [https://weblate.org/security/](https://weblate.org/security/)