CVE-2025-49134: Weblate exposes personal IP address via e-mail
(updated )
The audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters.
References
- github.com/WeblateOrg/weblate
- github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62
- github.com/WeblateOrg/weblate/pull/15102
- github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
- github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5
- github.com/advisories/GHSA-4qqf-9m5c-w2c5
- nvd.nist.gov/vuln/detail/CVE-2025-49134
Code Behaviors & Features
Detect and mitigate CVE-2025-49134 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →