How severe is CVE-2025-32021?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-32021?

This is classified as CWE-598, which is a common weakness in software security.

CVE-2025-32021 - HIGH Severity | CVSS 7.5

Vulnerability Description

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11.

Related Vulnerabilities

CVE-2017-9280

HIGH

CVSS:7.5(High)

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, ...

CWE-5982017

CVE-2021-41719

HIGH

CVSS:7.5(High)

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive in...

CWE-5982021

CVE-2023-32335

HIGH

CVSS:7.5(High)

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have acc...

CWE-5982023

CVE-2023-37935

HIGH

CVSS:7.5(High)

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services suc...

CWE-5982023

CVE-2024-23766

HIGH

CVSS:7.5(High)

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus g...

CWE-5982024

CVE-2024-38863

LOW

CVSS:7.5(High)

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing...

CWE-5982024