CVE-2025-61587: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in WeblateOrg weblate
Weblate is a web-based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an attacker-controlled site. The redirect can also be used to initiate drive-by downloads (redirecting to a URL that serves a malicious file), increasing the risk to end users. This issue is fixed in version 5.13.3.
AI Analysis
Technical Summary
CVE-2025-61587 is an open redirect vulnerability identified in Weblate, a web-based localization platform widely used for software translation management. The flaw exists in versions 5.13.2 and earlier when Weblate is configured with the Anubis backend and the REDIRECT_DOMAINS setting is not defined. The vulnerability arises from insufficient validation of the 'redir' parameter on the .within.website domain, allowing attackers to craft URLs that appear legitimate but redirect victims to attacker-controlled websites. This can facilitate social engineering attacks such as phishing or drive-by downloads by redirecting users to malicious payloads hosted externally. The vulnerability does not require authentication but does require user interaction to follow the crafted URL. The CVSS 4.0 base score is 2.1, reflecting low severity due to limited impact on confidentiality, integrity, and availability, and the absence of direct system compromise. No known exploits are reported in the wild as of publication. The issue is resolved in Weblate version 5.13.3, which includes proper validation and configuration options to restrict redirect domains. The vulnerability is categorized under CWE-601 (Open Redirect) and CWE-1395 (Improper Input Validation).
Potential Impact
For European organizations, the primary risk lies in the potential for phishing and social engineering attacks leveraging trusted Weblate URLs to redirect users to malicious sites. This could lead to credential theft, malware infections, or drive-by downloads, particularly affecting employees involved in localization or software development workflows. While the vulnerability does not allow direct compromise of Weblate servers or data, the reputational damage and operational disruption from successful phishing campaigns could be significant. Organizations relying heavily on Weblate for localization, especially those integrating it into critical development pipelines, may face increased risk. The low CVSS score indicates limited direct technical impact, but the human factor risk remains relevant. Additionally, if attackers combine this vulnerability with other exploits, the overall threat could escalate. The absence of known exploits reduces immediate urgency but does not eliminate risk.
Mitigation Recommendations
European organizations should immediately upgrade Weblate installations to version 5.13.3 or later to remediate the vulnerability. If upgrading is not immediately feasible, administrators should configure the REDIRECT_DOMAINS setting to explicitly whitelist trusted domains, preventing arbitrary redirects. Implement strict URL validation and sanitization on any user-controllable redirect parameters. Educate users about the risks of clicking on unexpected or suspicious links, especially those appearing to originate from trusted internal tools. Employ web security gateways or URL filtering solutions to detect and block known malicious redirect destinations. Monitor Weblate logs for unusual redirect parameter usage or spikes in redirect traffic. Integrate multi-factor authentication and endpoint protection to reduce the impact of potential phishing or malware delivery. Finally, maintain an incident response plan that includes phishing detection and user awareness training tailored to localization and development teams.
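The two technical recommendations above, an explicit allowlist of redirect domains and monitoring of logs for redirect parameters pointing off-site, are shown below as an added worked example. This is illustrative code written for this page, not Weblate's or Anubis's own implementation, and it does not reproduce the fix shipped in 5.13.3. The REDIRECT_DOMAINS list, the own_host value, the /redirect-endpoint/ path and the access-log lines are all constructed sample values; Django, which Weblate is built on, ships a comparable helper (django.utils.http.url_has_allowed_host_and_scheme) that a real deployment would normally use instead of hand-rolling the check.

```python
"""Allowlist-based redirect validation plus a simple log scan (added example).

Not Weblate's code. The setting name REDIRECT_DOMAINS mirrors the one named
in the advisory, but its contents and every host/path/log line here are
constructed sample values.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed configuration: hosts we are willing to send users to besides our own.
# An empty list means "same site only", which is the safe default.
REDIRECT_DOMAINS = ["translate.example.org"]


def is_safe_redirect(target, own_host, allowed_domains=None, require_https=False):
    """Return True only if ``target`` is a same-site path ("/...") or an
    http(s) URL whose host is ``own_host`` or one of ``allowed_domains``."""
    if allowed_domains is None:
        allowed_domains = REDIRECT_DOMAINS
    if not target:
        return False
    # Whitespace and control characters never belong in a redirect target.
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    # Browsers treat backslashes as slashes; normalise first so that the host
    # we check is the host the browser will actually navigate to.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.netloc == "":
        if parts.scheme:            # non-URL schemes carry no netloc; reject
            return False
        # Plain path: must start with exactly one "/" to stay on this site.
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if require_https and parts.scheme != "https":
        return False
    host = parts.hostname           # lowercased, userinfo and port stripped
    if not host:
        return False
    return host == own_host.lower() or host in allowed_domains


# Combined-format access log, constructed sample (placeholder endpoint path).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Oct/2025:10:04:57 +0000] "GET /redirect-endpoint/?redir=%2Fprojects%2F HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Oct/2025:10:05:12 +0000] "GET /redirect-endpoint/?redir=https%3A%2F%2Funtrusted.example.net%2Fdownload HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Oct/2025:10:06:01 +0000] "GET /translate/ HTTP/1.1" 200 5120',
]

_LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_offsite_redirects(log_lines, own_host, allowed_domains=None, param="redir"):
    """Return (client_ip, status, target) for every request whose ``param``
    value would fail is_safe_redirect; useful as a detection rule on logs."""
    hits = []
    for line in log_lines:
        m = _LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("path")).query
        for target in parse_qs(query).get(param, []):   # parse_qs URL-decodes
            if not is_safe_redirect(target, own_host, allowed_domains):
                hits.append((m.group("ip"), m.group("status"), target))
    return hits


if __name__ == "__main__":
    for ip, status, target in find_offsite_redirects(SAMPLE_LOG, "weblate.example.org"):
        print(f"off-site redirect from {ip} (HTTP {status}): {target}")
```

Running the module prints the one log entry whose redir value leaves the allowlist; the same validator is what a request handler would call before issuing a 302, falling back to a fixed same-site page when it returns False. Exact host matching (rather than substring or suffix matching) is the deliberate choice here, because it is the property that makes an allowlist meaningful.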
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.150Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68dda589b3e3ddcc713a4ba5
Added to database: 10/1/2025, 10:04:57 PM
Last enriched: 10/8/2025, 10:07:43 PM
Last updated: 11/16/2025, 7:50:45 AM