CVE-2025-64326: Weblate leaks the IP of project member inviting user to be reviewer in Audit log

November 5, 2025 (updated November 6, 2025)

Weblate leaks the IP address of the project member inviting the user to the project in the audit log.

References

github.com/WeblateOrg/weblate
github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574
github.com/WeblateOrg/weblate/pull/16781
github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc
github.com/advisories/GHSA-gr35-vpx2-qxhc
nvd.nist.gov/vuln/detail/CVE-2025-64326

Code Behaviors & Features

Detect and mitigate CVE-2025-64326 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →