Insufficient Session Expiration Affecting weblate package, versions [,5.13.1)

Q: How to fix?

Upgrade Weblate to version 5.13.1 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Insufficient Session Expiration vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-PYTHON-WEBLATE-12513639
published5 Sept 2025
disclosed4 Sept 2025
creditNahid Hasan Limon

Report a new vulnerability Found a mistake?

Introduced: 4 Sep 2025

NewCVE-2025-58352 (opens in a new tab) CWE-613 (opens in a new tab)

How to fix?

Upgrade Weblate to version 5.13.1 or higher.

Overview

Affected versions of this package are vulnerable to Insufficient Session Expiration due to unsafe settings for the second factor in 2FA. An attacker can bypass intended rate limiting by maintaining a valid session for an unusually long period and repeatedly attempting authentication.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
Low
User Interaction (UI)
Passive

Confidentiality (VC)
Low
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None