CVE-2025-32901

A flaw was found in KDE Connect. This vulnerability allows an application crash via malicious device IDs sent via broadcast UDP User Datagram Protocol. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

Linux Distros Unpatched Vulnerability : CVE-2025-32900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device,...

Linux Distros Unpatched Vulnerability : CVE-2025-32901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash. CVE-2025-32901 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2025-32899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent...

CVE-2025-32898

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

CVE-2025-32900

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

SUSE CVE-2025-32898

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

SUSE CVE-2025-32899

In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...

SUSE CVE-2025-32900

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

SUSE CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

DEBIAN-CVE-2025-32900

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

CVE-2025-32900

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

UBUNTU-CVE-2025-32900

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

UBUNTU-CVE-2025-32901

In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...

CVE-2025-32899

In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...

CVE-2025-32898

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

UBUNTU-CVE-2025-32899

In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...

KDE Connect 安全特征问题漏洞

KDE Connect is a software from the KDE community that connects cell phones and computers. A Security Feature Issue vulnerability exists in versions of KDE Connect prior to 2025-04-18, which stems from a captcha protocol that uses only 8 characters, which could lead to brute-force breaking attacks...