CVE-2025-32899

CVE-2025-32899

Name

CVE-2025-32899

Description

In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://kde.org/info/security/advisory-20250418-1.txt
cve@mitre.org	https://kdeconnect.kde.org

Type

URI

cve@mitre.org

https://kde.org/info/security/advisory-20250418-1.txt

cve@mitre.org

https://kdeconnect.kde.org

CPE URI	Source package	Min version	Max version
	kdeconnect	== 0	== None

CPE URI

Source package

Min version

Max version

kdeconnect

== 0

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
kdeconnect	edge-community	25.12.1-r2	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.12.1-r1	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.12.1-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.12.0-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.08.3-r2	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.08.3-r1	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.08.3-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.08.1-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.08.0-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.04.2-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	25.04.0-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	24.12.3-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	24.12.2-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	24.12.1-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	24.12.0-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	24.08.3-r0	team/kde <bribbers@disroot.org>	fixed
kdeconnect	edge-community	20.08.2-r0	None	fixed
kdeconnect	3.23-community	25.08.3-r3	team/kde <bribbers@disroot.org>	possibly vulnerable
kdeconnect	3.22-community	25.04.2-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kdeconnect	3.22-community	24.08.3-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kdeconnect	3.22-community	20.08.2-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

kdeconnect

edge-community

25.12.1-r2

team/kde <bribbers@disroot.org>

fixed

kdeconnect

edge-community