CVE-2025-32900

MEDIUM

KDE Connect <2025-04-18 - Info Disclosure

Title source: llm

Description

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

Exploits (1)

gitlab WORKING POC
by randshell · poc
https://gitlab.com/randshell/kde-connect-security-disclosure

References (2)

Scores

CVSS v3 4.3
EPSS 0.0001
EPSS Percentile 1.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-348
Status draft

Timeline

Published Dec 05, 2025
Tracked Since Feb 18, 2026