CVE-2025-32898_CVE-2025-32898

4.7 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Description

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

Basic Information

ID CVE-2025-32898

Source mitre

Published Dec 5, 2025 at 00:00

Modified Dec 5, 2025 at 04:30

Affected Product

Vendor KDE

Product KDE Connect verification-code protocol

Affected Versions KDE KDE Connect verification-code protocol 0

CWE Classification

CWE-331

References

{
    "lastseen": "",
    "description": "The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.",
    "published": "2025-12-05T00:00:00.000Z",
    "modified": "2025-12-05T04:30:35.365Z",
    "type": "cve",
    "title": "CVE-2025-32898",
    "source": "mitre",
    "references": "https://kdeconnect.kde.org\nhttps://kde.org/info/security/advisory-20250418-3.txt",
    "id": "CVE-2025-32898",
    "bulletinFamily": "",
    "cwe": [
        "CWE-331"
    ],
    "cvelist": null,
    "sourceData": "KDE KDE Connect verification-code protocol 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "KDE Connect verification-code protocol",
    "version": "0",
    "vendor": "KDE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}