CVE-2025-32901 — Improper Validation of Specified Type of Input in Kdeconnect

CWE-1287 — Improper Validation of Specified Type of Input5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 91.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Kdeconnect
Timeline
PublishedDec 5

Description

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

â–¶CVEListV5kde/kdeconnect< 1.33.0

🔴Vulnerability Details

3
CVEList
CVE-2025-32901: In KDE Connect before 1↗2025-12-05
â–¶
OSV
CVE-2025-32901: In KDE Connect before 1↗2025-12-05
â–¶
GHSA
GHSA-m48p-p8gp-9jxf: In KDE Connect before 1↗2025-12-05
â–¶

📋Vendor Advisories

1
Red Hat
kde-connect: KDE Connect: Application crash via malicious device IDs↗2025-12-05
â–¶
CVE-2025-32901 — KDE Kdeconnect vulnerability | cvebase