
CVE-2025-64326: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer in WeblateOrg weblate

Severity: Low
Published: Thu Nov 06 2025 (11/06/2025, 20:55:17 UTC)
Source: CVE Database V5
Vendor/Project: WeblateOrg
Product: weblate

Description

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

AI-Powered Analysis

Last updated: 11/06/2025, 21:14:46 UTC

Technical Analysis

CVE-2025-64326 is a vulnerability classified under CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) affecting Weblate, a web-based localization tool widely used for software translation management. In versions 5.14 and earlier, the audit logs generated by Weblate include IP addresses associated with project members who invite new users to projects. These audit logs are accessible to invited users, meaning that users who receive an invitation can view the IP address of the inviter. This exposure of IP addresses constitutes a leakage of sensitive information, potentially compromising user privacy and enabling further reconnaissance by malicious actors. The vulnerability does not allow attackers to alter data or disrupt service but impacts confidentiality by revealing network information that should be protected. Exploitation requires that the attacker be invited to the project (user interaction) and have at least low privileges to access audit logs. The attack complexity is high due to the need for invitation and access. The issue was addressed and fixed in Weblate version 5.14.1, where IP addresses are no longer included in audit logs accessible to invited users. There are no known exploits in the wild, and the CVSS v3.1 base score is 2.6, reflecting a low severity. The vulnerability highlights the importance of sanitizing sensitive information before logging or sharing it with users who do not require such data.

Potential Impact

For European organizations using Weblate versions prior to 5.14.1, this vulnerability could lead to unintended disclosure of IP addresses of project members, including administrators or other privileged users. While the direct impact on system integrity or availability is negligible, the confidentiality breach could facilitate targeted reconnaissance or social engineering attacks by revealing network information. Organizations involved in software localization, particularly those managing sensitive or proprietary projects, may face privacy compliance risks under regulations like GDPR if IP addresses are considered personal data. The exposure could also undermine trust among collaborators if sensitive information is leaked to unintended parties. However, since exploitation requires user invitation and interaction, the scope of impact is limited to invited users and their potential misuse of the information. Overall, the impact is primarily a privacy concern with limited operational consequences but should not be ignored in environments with strict data protection requirements.

Mitigation Recommendations

The primary mitigation is to upgrade Weblate installations to version 5.14.1 or later, where the vulnerability is fixed by removing IP addresses from audit logs accessible to invited users. Until upgrading is possible, organizations should restrict audit log access strictly to trusted users and avoid inviting untrusted or external users to projects with sensitive audit logs. Additionally, review and adjust Weblate’s audit log permissions and visibility settings to minimize exposure of sensitive information. Implement network segmentation and monitoring to detect unusual access patterns that might indicate reconnaissance attempts. Educate project administrators and users about the risks of sharing audit log information and encourage minimal sharing of invitations. Finally, ensure compliance with data protection policies by treating IP addresses as sensitive personal data and applying appropriate controls to their storage and dissemination.
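As an added illustration (not Weblate's code and not its actual 5.14.1 patch), the Python below places the CWE-212 pattern described above, an audit-log view that returns the inviter's address to the invited user, next to a hardened per-viewer filter and a check that flags any field leaked to the wrong user. The schema, field names and log entries are constructed assumptions.

```python
"""Audit-log exposure check for the CWE-212 pattern described in the analysis.

Constructed example: the schema, field names and entries below are assumptions,
not Weblate's real audit-log model or its 5.14.1 fix.
"""
from __future__ import annotations

# Fields that identify the actor's network location or client. They belong to
# the actor (and to administrators), not to other users who share a project.
SENSITIVE_FIELDS = frozenset({"address", "user_agent"})

# Constructed sample entries: admin "alice" invites "bob", then "bob" accepts.
SAMPLE_AUDIT_LOG = [
    {"activity": "invited", "actor": "alice", "target": "bob",
     "address": "203.0.113.10", "user_agent": "Mozilla/5.0",
     "when": "2025-11-06T20:55:17Z"},
    {"activity": "accepted", "actor": "bob", "target": "bob",
     "address": "198.51.100.7", "user_agent": "curl/8.0",
     "when": "2025-11-06T21:00:00Z"},
]


def audit_log_for_user_unsafe(log: list[dict], viewer: str) -> list[dict]:
    """Vulnerable pattern: every entry mentioning the viewer is returned
    verbatim, so the inviter's address travels to the invited user."""
    return [dict(e) for e in log if viewer in (e["actor"], e["target"])]


def audit_log_for_user(log: list[dict], viewer: str,
                       is_admin: bool = False) -> list[dict]:
    """Hardened pattern: strip sensitive fields from entries the viewer did
    not perform, unless the viewer is an administrator who needs them."""
    result = []
    for e in log:
        if viewer not in (e["actor"], e["target"]):
            continue
        safe = dict(e)
        if not is_admin and e["actor"] != viewer:
            for field in SENSITIVE_FIELDS:
                safe.pop(field, None)
        result.append(safe)
    return result


def leaked_fields(view: list[dict], viewer: str) -> set[tuple[str, str]]:
    """Detection check on a rendered view: (actor, field) pairs that expose
    another user's sensitive data to `viewer`. Empty set means no leak."""
    leaks = set()
    for e in view:
        if e["actor"] != viewer:
            for field in SENSITIVE_FIELDS.intersection(e):
                leaks.add((e["actor"], field))
    return leaks
```

Running `leaked_fields` over the output of both views for viewer "bob" reports the inviter's address and user agent for the unsafe view and nothing for the hardened one.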


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-30T17:40:52.028Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690d0c0d08e329e0f8ef65ba

Added to database: 11/6/2025, 8:58:53 PM

Last enriched: 11/6/2025, 9:14:46 PM

Last updated: 11/7/2025, 8:06:22 AM

Views: 8

