Weblate IP Address Leak Vulnerability in Audit Log

Vulnerability

A vulnerability in Weblate prior to version 5.14.1 allows for the unintentional disclosure of IP addresses belonging to project members who invite users to join the project. This information is recorded in the audit log, which can be accessed by the invited users. The issue arises because the audit log includes IP addresses from actions initiated by administrators, creating a potential privacy concern.
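The following Python sketch is an added example, not Weblate's code. It models the flaw described above with hypothetical names (AuditEntry, record_vulnerable, record_hardened, exposed_entries) and constructed events that use documentation IP addresses, comparing an audit log that stores the requester's address on every entry with one that stores it only when the requester owns the log.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical model for illustration; names are not Weblate's own.
@dataclass
class AuditEntry:
    owner: str               # account whose audit log displays the entry
    actor: str               # account that triggered the action
    activity: str
    address: Optional[str]   # IP address shown alongside the entry

def record_vulnerable(owner, actor, activity, request_ip):
    # Flaw: the requester's IP is stored even when the requester is
    # an admin acting on someone else's account.
    return AuditEntry(owner, actor, activity, request_ip)

def record_hardened(owner, actor, activity, request_ip):
    # Keep the IP only when the log owner made the request themselves.
    address = request_ip if actor == owner else None
    return AuditEntry(owner, actor, activity, address)

def exposed_entries(log: List[AuditEntry], viewer: str) -> List[AuditEntry]:
    # Entries the viewer can read that carry another account's IP address.
    return [e for e in log
            if e.owner == viewer and e.actor != viewer and e.address]

# Constructed events: (owner, actor, activity, request_ip).
EVENTS: List[Tuple[str, str, str, str]] = [
    ("invitee", "admin", "invited", "203.0.113.10"),
    ("invitee", "invitee", "login", "198.51.100.7"),
    ("invitee", "invitee", "password-changed", "198.51.100.7"),
]

def build_log(record) -> List[AuditEntry]:
    return [record(*event) for event in EVENTS]

if __name__ == "__main__":
    for name, record in (("vulnerable", record_vulnerable),
                         ("hardened", record_hardened)):
        leaks = exposed_entries(build_log(record), "invitee")
        print(name, [(e.actor, e.activity, e.address) for e in leaks])
```

The same exposed_entries check can be run over an exported audit log to find entries written before an upgrade that still carry another account's address.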

Impact

This vulnerability could lead to a privacy breach by exposing the IP address of an admin to invited users.

Remediation

Users can update to Weblate version 5.14.1 to address this vulnerability.

Added: Nov 6, 2025, 9:46 PM
Updated: Nov 6, 2025, 9:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.