Upstream information

CVE-2025-49134 at MITRE

Description

Weblate is a web-based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. The address could be obtained by third-party servers such as SMTP relays or spam filters. This issue has been patched in version 5.12.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE has currently not rated this issue, as it does not affect the SUSE Enterprise products.

CVSS v3 Scores

| Metric | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 5.3 | 2.2 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network | Network |
| Attack Complexity | Low | High |
| Privileges Required | None | High |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | Low | Low |
| Integrity Impact | None | None |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |

CVSS v4 Scores

| Metric | CNA (GitHub) | SUSE |
|---|---|---|
| Base Score | 2.1 | 2.1 |
| Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Network | Network |
| Attack Complexity | High | High |
| Attack Requirements | None | None |
| Privileges Required | High | High |
| User Interaction | None | None |
| Vulnerable System Confidentiality Impact | None | None |
| Vulnerable System Integrity Impact | None | None |
| Vulnerable System Availability Impact | None | None |
| Subsequent System Confidentiality Impact | Low | Low |
| Subsequent System Integrity Impact | None | None |
| Subsequent System Availability Impact | None | None |
| CVSSv4 Version | 4.0 | 4.0 |

SUSE Bugzilla entry: 1244678 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Jun 17 00:00:42 2025
CVE page last modified: Thu Jul 17 12:27:16 2025