{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-58352","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-08-29T16:19:59.009Z","datePublished":"2025-09-04T23:28:26.035Z","dateUpdated":"2025-09-05T15:18:03.858Z"},"containers":{"cna":{"title":"Weblate has long session expiry times during second factor verification","problemTypes":[{"descriptions":[{"cweId":"CWE-613","lang":"en","description":"CWE-613: Insufficient Session Expiration","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":2.1,"baseSeverity":"LOW","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728","tags":["x_refsource_CONFIRM"],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728"},{"name":"https://github.com/WeblateOrg/weblate/pull/16002","tags":["x_refsource_MISC"],"url":"https://github.com/WeblateOrg/weblate/pull/16002"},{"name":"https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908","tags":["x_refsource_MISC"],"url":"https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908"}],"affected":[{"vendor":"WeblateOrg","product":"weblate","versions":[{"version":"< 5.13.1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-09-04T23:28:26.035Z"},"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the  second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1."}],"source":{"advisory":"GHSA-377j-wj38-4728","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-05T15:17:51.931063Z","id":"CVE-2025-58352","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-05T15:18:03.858Z"}}]}}