SecuriTricks - CVE-2025-32900

Description

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

Product(s) Impacted

Vendor	Product	Versions
Kde	Kde Connect Valent Gsconnect	<1.33.0, 25.04, 0.5 <1.0.0.alpha.47 <59

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-348

Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	kde	kde_connect	<1.33.0	/	/	/	/	/	/	/
a	kde	kde_connect	25.04	/	/	/	/	/	/	/
a	kde	kde_connect	0.5	/	/	/	/	/	/	/
a	kde	valent	<1.0.0.alpha.47	/	/	/	/	/	/	/
a	kde	gsconnect	<59	/	/	/	/	/	/	/

References

https://kde.org/info/security/advisory-20250418-2.txt

https://kdeconnect.kde.org

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

View Vector String

Timeline

Published: Dec. 5, 2025, 6:16 a.m.
Last Modified: Dec. 5, 2025, 6:16 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-32900