{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-32901", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-12-05T14:33:55.971Z", "dateReserved": "2025-04-14T00:00:00.000Z", "datePublished": "2025-12-05T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KDEConnect", "vendor": "KDE", "versions": [{"lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-05T05:12:40.025Z"}, "references": [{"url": "https://kdeconnect.kde.org"}, {"url": "https://kde.org/info/security/advisory-20250418-4.txt"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kde:kdeconnect:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.33.0"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T14:33:45.752580Z", "id": "CVE-2025-32901", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:33:55.971Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32901", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T14:33:45.752580Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:33:51.438Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "KDE", "product": "KDEConnect", "versions": [{"status": "affected", "version": "0", "lessThan": "1.33.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://kdeconnect.kde.org"}, {"url": "https://kde.org/info/security/advisory-20250418-4.txt"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kdeconnect:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.33.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-05T05:12:40.025Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32901", "state": "PUBLISHED", "dateUpdated": "2025-12-05T14:33:55.971Z", "dateReserved": "2025-04-14T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-12-05T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash."}], "id": "CVE-2025-32901", "lastModified": "2025-12-08T18:27:15.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-12-05T05:17:02.380", "references": [{"source": "cve@mitre.org", "url": "https://kde.org/info/security/advisory-20250418-4.txt"}, {"source": "cve@mitre.org", "url": "https://kdeconnect.kde.org"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "kde-connect: KDE Connect: Application crash via malicious device IDs", "id": "2419083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419083"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-1287", "details": ["In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.", "A flaw was found in KDE Connect. This vulnerability allows an application crash via malicious device IDs sent via broadcast UDP (User Datagram Protocol)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-32901", "public_date": "2025-12-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32901\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32901\nhttps://kde.org/info/security/advisory-20250418-4.txt\nhttps://kdeconnect.kde.org"], "statement": "This vulnerability is rated Moderate for Red Hat. It allows a remote attacker on the same local network segment to cause a denial of service (application crash) in KDE Connect by sending specially crafted broadcast UDP packets. This affects KDE Connect before version 1.33.0 on Android, impacting systems where KDE Connect is deployed and exposed to untrusted local networks.", "threat_severity": "Moderate"}

{}