CVE-2025-32899 β€” Improper Preservation of Consistency Between Independent Representations of Shared State in Kdeconnect

CWE-1250 β€” Improper Preservation of Consistency Between Independent Representations of Shared State5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 94.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Kdeconnect
Timeline
PublishedDec 5

Description

In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

β–ΆCVEListV5kde/kdeconnect< 1.33.0

πŸ”΄Vulnerability Details

3
OSV
CVE-2025-32899: In KDE Connect before 1β†—2025-12-05
β–Ά
CVEList
CVE-2025-32899: In KDE Connect before 1β†—2025-12-05
β–Ά
GHSA
GHSA-7whf-gjc8-hw23: In KDE Connect before 1β†—2025-12-05
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
kde-connect: KDE Connect: Unpairing of devices via invalid broadcast UDP packet↗2025-12-05
β–Ά
CVE-2025-32899 β€” KDE Kdeconnect vulnerability | cvebase