Primary

Context

Weblate Arbitrary File Read Vulnerability via Symbolic Links

Vulnerability

Patched

A vulnerability in Weblate, a web-based localization tool, allows for arbitrary file reading from the server's file system. This issue affects Weblate versions prior to 5.15.1 and arises from crafted symbolic links in the repository that could be exploited to access unauthorized files.

Impact

Exploitation of this vulnerability could lead to unauthorized access and reading of sensitive files on the server.

Remediation

Users can upgrade to Weblate version 5.15.1, which addresses this vulnerability. The update is available on the Weblate GitHub Releases page.

Added: Dec 18, 2025, 11:25 PM

Updated: Dec 18, 2025, 11:25 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Weblate Arbitrary File Read Vulnerability via Symbolic Links

Vulnerability

Impact

Remediation

Affected Products

Weblate

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating