CVE-2025-69412 — Improper Certificate Validation in Messagelib

CWE-295 — Improper Certificate Validation6 documents6 sources

Severity

3.4LOWNVD

EPSS

0.0%

top 99.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Messagelib

Timeline

PublishedJan 1

Description

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5kde/messagelib< 25.11.90

▶Debiankde/messagelib< 4:25.08.3-3

🔴Vulnerability Details

OSV

CVE-2025-69412: KDE messagelib before 25↗2026-01-01

▶

GHSA

GHSA-q5rr-6j45-r8gx: KDE messagelib before 25↗2026-01-01

▶

CVEList

CVE-2025-69412: KDE messagelib before 25↗2025-12-31

▶

📋Vendor Advisories

Debian

CVE-2025-69412: kf5-messagelib - KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-69412 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶