Main Vulnerability Database Vulnerabilities #VU107600

#VU107600 Insufficient verification of data authenticity in KDE.org products - CVE-2025-32900

Published: April 18, 2025

Vulnerability identifier: #VU107600

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-32900

CWE-ID: CWE-345

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
KDE Connect
KDE Connect Android
KDE Connect iOS

Software vendor:
KDE.org

Description

The vulnerability allows a remote attacker to impersonate other devices on the network.

The vulnerability exists due to the way KDE Connect handles broadcasts and discovers devices inside the network. A remote attacker on the local network can send broadcast UDP packets that contain display name of another system and perform spoofing attack.

Remediation

Install updates from vendor's website.

External links

https://kde.org/info/security/advisory-20250418-2.txt