How the CVE Works
The vulnerability in Weblate (CVE-2025-XXXX) exposes users' IP addresses through audit log notifications sent by email. When Weblate generates an audit log entry, it records the full IP address of the user performing the action, and that address is included in the notification email. Because the notification travels by email, any third-party system on the delivery path (an SMTP relay or a spam filter, for example) can observe and retain the address. This unintended exposure is a privacy risk, since an IP address can be used to track or identify a user. The flaw was fixed in Weblate 5.12 by removing IP addresses from audit log emails.
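As an added example (not Weblate's own code; Weblate 5.12 fixed the issue by dropping the address from the notification), the following Python shows how a defender can check a rendered audit-log notification for leaked IP addresses and redact them before the message is handed to the mail relay. The sample notification text is constructed for this example, and the addresses in it are documentation-range values; the function names are this example's own.

```python
"""Detect and redact IP addresses in audit-log notification text.

Added example, not Weblate code. Two uses for a defender:
  * find_ip_addresses(): does a rendered notification still carry an address?
  * redact_ip_addresses(): strip addresses before the mail leaves the host.
"""
import ipaddress
import re

# Candidate tokens start with a hex digit or "::" and continue over hex
# digits, colons and dots. Each candidate is then validated with the
# ipaddress module, so version strings (5.12), dates and times (12:34:56)
# are rejected rather than redacted. The lookbehind keeps us from starting
# inside a word or a dotted number such as "v5.12.0.1".
_CANDIDATE = re.compile(r"(?<![\w.])(?:[0-9A-Fa-f]|::)[0-9A-Fa-f:.]*")

# Constructed sample notification (not a real Weblate template).
SAMPLE_NOTIFICATION = """\
Weblate audit log: password changed
User: alice (constructed example account)
Address: 203.0.113.7
Previous login from 2001:db8::1 on 2025-06-16 at 12:34:56.
Weblate version 5.11 will be upgraded to 5.12.
"""


def _as_ip(token: str):
    """Return the address part of *token* if it parses as IPv4/IPv6, else None.

    A trailing full stop (end of sentence) is not part of the address.
    """
    core = token.rstrip(".")
    try:
        ipaddress.ip_address(core)
    except ValueError:
        return None
    return core


def find_ip_addresses(text: str) -> list[str]:
    """Return every valid IPv4/IPv6 address found in *text*, in order."""
    found = []
    for match in _CANDIDATE.finditer(text):
        core = _as_ip(match.group(0))
        if core is not None:
            found.append(core)
    return found


def notification_leaks_ip(text: str) -> bool:
    """True if the notification body still contains at least one address."""
    return bool(find_ip_addresses(text))


def redact_ip_addresses(text: str, marker: str = "[redacted]") -> str:
    """Replace each valid address with *marker*, keeping surrounding punctuation."""

    def _sub(match: re.Match) -> str:
        token = match.group(0)
        core = _as_ip(token)
        if core is None:
            return token  # not an address: leave untouched
        return marker + token[len(core):]  # keep any trailing "."

    return _CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    print("leaked addresses:", find_ip_addresses(SAMPLE_NOTIFICATION))
    print(redact_ip_addresses(SAMPLE_NOTIFICATION))
```

The check is deliberately strict about validation rather than about pattern shape: flagging every dotted or colon-separated number would turn version strings and timestamps in routine notifications into false positives, while validating with `ipaddress` keeps both IPv4 and compressed IPv6 forms covered.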
DailyCVE Form
Platform: Weblate
Version: <5.12
Vulnerability: IP exposure
Severity: Low
Date: Jun 16, 2025
Prediction: Patch released (Weblate 5.12)
What Undercode Say
Analytics:
grep -r "audit_log_notification" /var/log/weblate/
curl -X GET http://localhost:8080/api/audit-logs/
How to Exploit:
Intercept SMTP traffic to extract audit logs containing user IPs.
Protection from this CVE:
Upgrade to Weblate 5.12.
Impact:
Privacy risk via IP leakage.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode