Main Vulnerability Database Vulnerabilities #VU107602

Input validation error in KDE Connect Android - CVE-2025-32899

Published: April 18, 2025

Vulnerability identifier: #VU107602

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-32899

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: KDE.org

Affected software:
KDE Connect Android

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the application handles broadcast UDP packets. When receiving an invalid discovery UDP packet the application tries unpairing the device that sent the packet. A remote attacker can send malformed UDP packets and disrupt network connectivity.

How to mitigate CVE-2025-32899

Install updates from vendor's website.

Sources

https://kde.org/info/security/advisory-20250418-1.txt

Input validation error in KDE Connect Android - CVE-2025-32899

Detailed vulnerability description

How to mitigate CVE-2025-32899

Sources

Please verify you're human