CVE-2025-66270_CVE-2025-66270

4.7 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Description

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Basic Information

ID CVE-2025-66270

Source mitre

Published Dec 5, 2025 at 00:00

Modified Dec 5, 2025 at 05:25

Affected Product

Vendor KDE

Product KDE Connect protocol

Version 8

Affected Versions KDE KDE Connect protocol 8

CWE Classification

CWE-290

References

{
    "lastseen": "",
    "description": "The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.",
    "published": "2025-12-05T00:00:00.000Z",
    "modified": "2025-12-05T05:25:41.584Z",
    "type": "cve",
    "title": "CVE-2025-66270",
    "source": "mitre",
    "references": "https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e\nhttps://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9\nhttps://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080\nhttps://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3\nhttps://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce\nhttps://kde.org/info/security/advisory-20251128-1.txt",
    "id": "CVE-2025-66270",
    "bulletinFamily": "",
    "cwe": [
        "CWE-290"
    ],
    "cvelist": null,
    "sourceData": "KDE KDE Connect protocol 8",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "KDE Connect protocol",
    "version": "8",
    "vendor": "KDE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}