CVE-2025-68398 is a critical Remote Code Execution (RCE) vulnerability affecting Weblate versions up to 5.9.2. This flaw allows attackers to remotely overwrite Git configuration files, potentially enabling them to manipulate Git's behavior and execute arbitrary code. The vulnerability was responsibly disclosed and a fix is available in version 5.15.1.
The core of this vulnerability lies in the ability to remotely modify Weblate's Git configuration. Successful exploitation allows an attacker to inject malicious commands into Git's settings, effectively hijacking the version control system. This could lead to unauthorized code modifications, data exfiltration, and complete compromise of the Weblate instance and potentially the underlying server. The impact is particularly severe because Git is often used for managing source code and other sensitive files, making this a high-value target for attackers. A compromised Git configuration could also be leveraged to gain persistent access to the system, even after the initial vulnerability is patched.
CVE-2025-68398 was publicly disclosed on December 18, 2025. The vulnerability's impact and ease of exploitation suggest a potential for active exploitation, though no confirmed exploitation campaigns have been publicly reported as of this date. The responsible disclosure indicates a proactive approach by the researcher, which may have helped prevent widespread exploitation. No KEV listing is currently available.
Organizations utilizing Weblate for translation management, particularly those with public-facing instances or those integrating Weblate with sensitive code repositories, are at significant risk. Shared hosting environments where multiple users share a Weblate instance are also particularly vulnerable, as a compromise could affect all users on the shared server.
• python / server:

```python
import subprocess


def check_git_config(config_file):
    """Dump every setting in one Git config file (for example a repository's
    .git/config managed by Weblate) so it can be reviewed for unexpected entries."""
    try:
        result = subprocess.run(
            ['git', 'config', '--file', config_file, '--list'],
            capture_output=True, text=True, check=True,
        )
        return result.stdout
    except subprocess.CalledProcessError as e:
        return f"Error: {e.stderr.strip() or e}"


# Example usage:
config_file = '.git/config'  # Adjust path as needed
output = check_git_config(config_file)
print(output)
```

• generic web: Check Weblate configuration files for unexpected or suspicious entries. Review access logs for unusual activity related to Git configuration changes.
Exploitation status
EPSS: 0.66% (71st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68398 is to immediately upgrade Weblate to version 5.15.1 or later. Before upgrading, it's crucial to back up your Weblate database and Git repositories to ensure data integrity. If an upgrade is not immediately feasible, consider restricting access to the Weblate instance and closely monitoring Git activity for any suspicious changes. While not a complete solution, implementing strict access controls and regularly auditing Git configuration files can help reduce the attack surface. After upgrading, verify the integrity of your Git repositories and Weblate configuration to ensure no malicious modifications have been made.
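The two checks the mitigation and detection advice above boil down to, a version comparison against the fixed release and an audit of a repository's Git config for settings that make Git run external programs, written out as an added example (this is not Weblate's code and not from the advisory). The watchlist of command-executing keys, the sample config and its baseline are constructed assumptions; the hooks path in the sample is a placeholder, not an indicator from the advisory.

```python
"""Audit helpers for CVE-2025-68398 (added example, not part of Weblate).

  1. is_vulnerable_version(): is the installed Weblate older than the fixed 5.15.1?
  2. audit_git_config(): does a repository's .git/config contain settings that
     make Git execute something, and do their values match the expected baseline?
     A config an attacker overwrote would differ exactly there.
"""
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (5, 15, 1)  # fix version named in the advisory

# Assumption: settings whose values Git executes, or that point Git at an
# executable. Extend the set to match your own environment.
COMMAND_KEYS = {
    "core.hookspath", "core.sshcommand", "core.fsmonitor", "core.pager",
    "core.editor", "core.gitproxy", "diff.external", "credential.helper",
}
COMMAND_KEY_PATTERNS = [
    re.compile(r"^filter\..+\.(clean|smudge|process)$"),
    re.compile(r"^merge\..+\.driver$"),
    re.compile(r"^diff\..+\.textconv$"),
]
SECTION_RE = re.compile(r'^\[([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')


def parse_version(text: str) -> Tuple[int, ...]:
    """'5.9.2' -> (5, 9, 2); stops at the first non-numeric piece ('5.15.1.dev0')."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed Weblate predates the fix (5.15.1)."""
    return parse_version(installed) < FIXED_VERSION


def _clean_value(raw: str) -> str:
    """Strip surrounding quotes or a trailing '#'/';' comment from a value."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    for sep in "#;":
        idx = raw.find(sep)
        if idx != -1:
            raw = raw[:idx]
    return raw.strip()


def parse_git_config(text: str) -> Dict[str, str]:
    """Minimal parser for Git's INI-like config: keys come back as
    'section.key' or 'section.subsection.key'. Section and key names are
    lower-cased (Git treats them case-insensitively); subsection names keep
    their case. Comments and lines without '=' are skipped."""
    entries: Dict[str, str] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            name, sub = m.group(1).lower(), m.group(2)
            section = f"{name}.{sub}" if sub is not None else name
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[f"{section}.{key.strip().lower()}"] = _clean_value(value)
    return entries


def audit_git_config(text: str, baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """(key, value) pairs for command-executing settings that are missing from,
    or differ from, the expected baseline; everything returned needs a human look."""
    findings = []
    for key, value in parse_git_config(text).items():
        risky = (key in COMMAND_KEYS
                 or any(p.match(key) for p in COMMAND_KEY_PATTERNS)
                 or (key.startswith("alias.") and value.startswith("!")))
        if risky and baseline.get(key) != value:
            findings.append((key, value))
    return findings


# Constructed sample: a component repository config with one command-executing
# entry that the baseline does not know. The path is a placeholder, not an IoC.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tbare = false
\thooksPath = /srv/weblate/unexpected-hooks   ; placeholder path
[remote "origin"]
\turl = https://example.invalid/project/translations.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[filter "lfs"]
\tclean = git-lfs clean -- %f
\tsmudge = git-lfs smudge -- %f
"""
BASELINE = {  # the filter settings are expected on this host; hooksPath is not
    "filter.lfs.clean": "git-lfs clean -- %f",
    "filter.lfs.smudge": "git-lfs smudge -- %f",
}

if __name__ == "__main__":
    print("5.9.2 vulnerable:", is_vulnerable_version("5.9.2"))
    for key, value in audit_git_config(SAMPLE_CONFIG, BASELINE):
        print(f"REVIEW {key} = {value!r}")
```

Run it over each component repository's `.git/config` (and over the Weblate data directory's global Git config) with a baseline captured from a known-good deployment; the baseline comparison is what keeps legitimate entries such as Git LFS filters from drowning out a genuinely unexpected one.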
Update Weblate to version 5.15.1 or later. This fixes the vulnerability that allows overwriting the Git configuration and potential remote code execution. The update can be done through the Python package manager (pip) or by following the update instructions provided by WeblateOrg.
CVE-2025-68398 is a critical Remote Code Execution vulnerability in Weblate versions 5.9.2 and earlier, allowing attackers to overwrite Git configuration and potentially execute arbitrary code.
If you are running Weblate version 5.9.2 or earlier, you are vulnerable to this RCE vulnerability. Upgrade to 5.15.1 or later to mitigate the risk.
Upgrade Weblate to version 5.15.1 or later. Back up your database and Git repositories before upgrading.
While no confirmed exploitation campaigns have been publicly reported, the vulnerability's impact suggests a potential for exploitation. Monitor your Weblate instance closely.
Refer to the official Weblate security advisory for detailed information and updates: [https://weblate.org/security/](https://weblate.org/security/)