Main Vulnerability Database Vulnerabilities #VU107602

#VU107602 Input validation error in KDE Connect Android - CVE-2025-32899

Published: April 18, 2025

Vulnerability identifier: #VU107602

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-32899

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
KDE Connect Android

Software vendor:
KDE.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the application handles broadcast UDP packets. When receiving an invalid discovery UDP packet the application tries unpairing the device that sent the packet. A remote attacker can send malformed UDP packets and disrupt network connectivity.

Remediation

Install updates from vendor's website.

External links

https://kde.org/info/security/advisory-20250418-1.txt

#VU107602 Input validation error in KDE Connect Android - CVE-2025-32899

Description

Remediation

External links

Please verify you're human