Improper Validation of Syntactic Correctness of Input

CVE-2025-67492

Medium

5.3/10

Summary

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

References

Advisory
Pull request

Advisory Timeline

Published Dec 16, 2025

Improper Validation of Syntactic Correctness of Input

CVE-2025-67492

Summary

CWE-1286 - Improper Validation of Syntactic Correctness of Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS