LOW
GHSA-m6hq-f4w9-qrjj
Weblate has improper validation upon invitation acceptance
Details
### Impact
It was possible to accept an invitation opened by a different Weblate user.
### Patches
* https://github.com/WeblateOrg/weblate/pull/16913
### Workarounds
Users should avoid leaving a Weblate session unattended while an opened invitation is pending in it.
### References
Thanks to Nahid0x for responsibly disclosing this vulnerability to Weblate.
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2025-64725 [ADVISORY]
- https://github.com/WeblateOrg/weblate/pull/16913 [WEB]
- https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9 [WEB]
- https://github.com/WeblateOrg/weblate [PACKAGE]
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15 [WEB]