VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-uams-vzmg-aubk

Essentials
Severities (22)
References (9)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-uams-vzmg-aubk
Aliases	CVE-2025-47951 GHSA-57jg-m997-cx3q
Summary	Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-307	Improper Restriction of Excessive Authentication Attempts
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2025-47951
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2025-47951
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2025-47951
cvssv3.1	4.9	https://github.com/WeblateOrg/weblate
generic_textual	MODERATE	https://github.com/WeblateOrg/weblate
cvssv3.1	4.9	https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
generic_textual	MODERATE	https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
ssvc	Track	https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
cvssv3.1	4.9	https://github.com/WeblateOrg/weblate/pull/14918
generic_textual	MODERATE	https://github.com/WeblateOrg/weblate/pull/14918
ssvc	Track	https://github.com/WeblateOrg/weblate/pull/14918
cvssv3.1	4.9	https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
generic_textual	MODERATE	https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
ssvc	Track	https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
cvssv3.1	4.9	https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
generic_textual	MODERATE	https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
ssvc	Track	https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
cvssv3.1	4.9	https://hackerone.com/reports/3150564
generic_textual	MODERATE	https://hackerone.com/reports/3150564
ssvc	Track	https://hackerone.com/reports/3150564
cvssv3.1	4.9	https://nvd.nist.gov/vuln/detail/CVE-2025-47951
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-47951

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-47951
		https://github.com/WeblateOrg/weblate
		https://nvd.nist.gov/vuln/detail/CVE-2025-47951
14918		https://github.com/WeblateOrg/weblate/pull/14918
3150564		https://hackerone.com/reports/3150564
f806293451248c5d95e45b3b507e9d158bc4f384		https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
GHSA-57jg-m997-cx3q		https://github.com/advisories/GHSA-57jg-m997-cx3q
GHSA-57jg-m997-cx3q		https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
weblate-5.12.1		https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ Found at https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/pull/14918

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ Found at https://github.com/WeblateOrg/weblate/pull/14918

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ Found at https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ Found at https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://hackerone.com/reports/3150564

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ Found at https://hackerone.com/reports/3150564

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-47951

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.42191
EPSS Score	0.00201
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:13:50.610062+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/47xxx/CVE-2025-47951.json	38.6.0