{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T20:16:18.910","vulnerabilities":[{"cve":{"id":"CVE-2025-49134","sourceIdentifier":"security-advisories@github.com","published":"2025-06-16T21:15:24.167","lastModified":"2025-07-16T14:35:41.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12."},{"lang":"es","value":"Weblate es una herramienta de localización web. Antes de la versión 5.12, las notificaciones del registro de auditoría incluían la dirección IP completa del usuario. Esta podía obtenerse mediante servidores externos, como repetidores SMTP o filtros de spam. Este problema se ha corregido en la versión 5.12."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.12","matchCriteriaId":"9C3367BD-4AF1-4FFF-B652-AF187F10F9A8"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/15102","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}