In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 05 Dec 2025 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | |
| Weaknesses | CWE-348 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-12-05T05:34:03.875Z
Reserved: 2025-04-14T00:00:00.000Z
Link: CVE-2025-32900
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-12-05T06:16:08.900
Modified: 2025-12-05T06:16:08.900
Link: CVE-2025-32900
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses