CVE-2025-58352: CWE-613: Insufficient Session Expiration in WeblateOrg weblate

Low
Tags: Vulnerability, CVE-2025-58352, CWE-613
Published: Thu Sep 04 2025 (09/04/2025, 23:28:26 UTC)
Source: CVE Database V5
Vendor/Project: WeblateOrg
Product: weblate

Description

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

AI-Powered Analysis

Last updated: 09/04/2025, 23:54:03 UTC

Technical Analysis

CVE-2025-58352 affects Weblate, a web-based localization tool used for collaborative translation projects; all releases before 5.13.1 are affected. The flaw is an insufficient session expiration (CWE-613) in the second-factor step of login: once the first factor (the password) has been accepted and the user is prompted for the second factor, the session holding that intermediate state stays valid for far longer than the second-factor step needs. Weblate rate-limits second-factor attempts to slow brute-force guessing of one-time codes, but a rate limit only bounds attempts per time window; how many windows an attacker gets is bounded by how long the pending session remains usable. With a long-lived pending session, an attacker who already holds a victim's password can keep submitting small batches of guesses for days, accumulating far more attempts than the limiter was meant to allow, which matters for short numeric one-time codes. Note the precondition: the attacker must first pass the password check, so this weakens the second factor rather than bypassing authentication outright. The CVSS 4.0 base score is 2.1 (low); as scored, exploitation requires low privileges and some user interaction. No exploits in the wild were known at publication. The impact is limited to the confidentiality and integrity of whatever the compromised account can reach, since a successful guess yields an unauthorized login; availability is not affected. The issue is fixed in Weblate 5.13.1.
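To make the interaction between pending-session lifetime and rate limiting concrete, the following Python simulation is an added example; it is not Weblate's code, and its limiter design, the two TTL values, the 300-second window, the five-attempts-per-window limit, the "victim" user and the one-time code are constructed assumptions rather than Weblate's real settings. It models the server-side state between password success and second-factor success with a sliding-window limiter, then counts how many guesses an attacker who already has the password gets checked before that state expires.

```python
"""Simulation of second-factor guess budgets under long vs. short pending-session expiry.

Added example: this is not Weblate code, and the limiter and numbers below are
constructed assumptions, not Weblate's real settings.
"""
import hmac
from dataclasses import dataclass, field

# Constructed parameters (assumptions):
LONG_TTL = 14 * 24 * 3600   # a general-purpose session lifetime carried into the 2FA step
SHORT_TTL = 5 * 60          # a dedicated short lifetime for the pending-2FA state
WINDOW = 300                # rate-limit window, seconds
MAX_ATTEMPTS = 5            # failed second-factor attempts allowed per window
REAL_CODE = "999999"        # constructed one-time code the attacker is guessing


@dataclass
class PendingSecondFactor:
    """Server-side state between first-factor success and second-factor success."""
    user: str
    created_at: float
    ttl: float
    failures: list = field(default_factory=list)  # timestamps of failed attempts

    def alive(self, now: float) -> bool:
        return now - self.created_at < self.ttl


class SecondFactorVerifier:
    def __init__(self, pending_ttl: float, window: float = WINDOW,
                 max_attempts: int = MAX_ATTEMPTS, real_code: str = REAL_CODE):
        self.pending_ttl = pending_ttl
        self.window = window
        self.max_attempts = max_attempts
        self.real_code = real_code

    def start(self, user: str, now: float) -> PendingSecondFactor:
        """Called after the password has been accepted; opens the 2FA step."""
        return PendingSecondFactor(user, now, self.pending_ttl)

    def verify(self, pending: PendingSecondFactor, code: str, now: float) -> str:
        """Returns 'ok', 'expired', 'rate_limited' or 'wrong'."""
        if not pending.alive(now):
            return "expired"
        # Sliding-window limiter: only failures inside the last `window` seconds count.
        pending.failures = [t for t in pending.failures if now - t < self.window]
        if len(pending.failures) >= self.max_attempts:
            return "rate_limited"
        if hmac.compare_digest(code.encode(), self.real_code.encode()):
            return "ok"
        pending.failures.append(now)
        return "wrong"


def attack_budget(verifier: SecondFactorVerifier, start: float = 0.0) -> tuple:
    """Attacker who already holds the password: submit max_attempts guesses,
    wait exactly one window for the limiter to clear, repeat until the pending
    state dies.  Returns (guesses actually checked, whether a guess succeeded)."""
    pending = verifier.start("victim", start)
    checked = 0
    next_guess = 0
    now = start
    while pending.alive(now):
        for _ in range(verifier.max_attempts):
            result = verifier.verify(pending, f"{next_guess:06d}", now)
            next_guess += 1
            if result == "ok":
                return checked + 1, True
            if result == "wrong":
                checked += 1
        now += verifier.window
    return checked, False


if __name__ == "__main__":
    for label, ttl in (("long pending session", LONG_TTL), ("short pending session", SHORT_TTL)):
        checked, success = attack_budget(SecondFactorVerifier(ttl))
        print(f"{label:22s}: {checked} guesses checked before expiry, success={success}")
```

With these constructed parameters the limiter is identical in both runs; only the pending-session lifetime differs. A two-week pending session lets the attacker get 20160 guesses checked against a six-digit code space, while a five-minute expiry caps it at five, after which the attacker must redo the password step, which is itself visible and limitable. The point the vulnerability illustrates is that a per-window rate limit is only as strong as the lifetime of the state it is attached to.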

Potential Impact

For European organizations running Weblate versions prior to 5.13.1, the exposure is a weakened second factor: an attacker who already holds a user's password gains a much larger budget of one-time-code guesses than the rate limiter was meant to permit. The severity is low, and it matters most where Weblate holds sensitive localization content such as unreleased product strings, legal documents or internal communications, since an account takeover could expose or alter translation data, with knock-on effects for intellectual property protection and GDPR obligations. The low CVSS score and the absence of known exploits indicate limited immediate risk, but organizations with strict authentication policies or in regulated industries should treat it as worth prompt remediation, because it undermines the assurance that multi-factor authentication is supposed to provide once a password has leaked.

Mitigation Recommendations

Upgrade all Weblate instances to 5.13.1 or later, where the session expiry during second-factor verification is fixed. After upgrading, verify the behaviour rather than assuming it: complete the password step of a login, stop at the second-factor prompt, wait past the expected expiry and confirm that the prompt no longer accepts a code and the login must be restarted; also confirm that repeated wrong codes are rejected by the rate limiter. More generally, keep session lifetimes short during sensitive authentication phases and treat the pending-second-factor state as distinct from a fully authenticated session. Alert on unusual second-factor activity, in particular many failed code submissions spread over a long period for a single account or from a single source, which is the pattern a long-lived pending session enables. Where possible, prefer second-factor methods that cannot be guessed, such as WebAuthn-based authenticators where supported, and consider fronting Weblate with a centralized identity provider whose session controls you already audit. Because exploitation presupposes a compromised password, routine password hygiene, credential-leak monitoring and timely patching by administrators also reduce exposure to this issue.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.009Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ba231188499799243e04ac

Added to database: 9/4/2025, 11:38:57 PM

Last enriched: 9/4/2025, 11:54:03 PM

Last updated: 9/5/2025, 9:12:09 AM