#VU121034 Improper certificate validation in messagelib - CVE-2025-69412
Published: January 7, 2026
messagelib
KDE.org
Description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists because the software ignores SSL errors when contacting the Google Safe Browsing API. A remote attacker can perform a MitM attack and manipulate traffic between the applications using messagelib (KMail, Akregator, etc.) and the Google Safe Browsing service.
Note: the Google Safe Browsing API is disabled by default.
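A source-audit check for this class of defect in Qt code, added here as an example; it is not code from messagelib or from this advisory. The function name, rule labels and sample source are constructed, and the Qt calls it looks for are an assumption about how Qt code typically ignores SSL errors, since the advisory does not name the call involved.

```python
import re

# Qt constructs that switch off or bypass TLS certificate checks. These are
# real Qt APIs; the advisory does not say which one messagelib used (assumption).
RULES = [
    ("ignore-all-errors", re.compile(r"\bignoreSslErrors\s*\(\s*\)")),
    ("ignore-listed-errors", re.compile(r"\bignoreSslErrors\s*\(\s*[^)\s]")),
    ("verify-none", re.compile(r"\bQSslSocket::VerifyNone\b")),
]

# String literals are matched first so "//" inside a URL is not read as a comment.
_SKIP = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)


def find_tls_bypasses(source):
    """Return sorted (line_number, rule) pairs for each bypass in C++ source."""
    # Blank comments and string contents but keep newlines, so line numbers hold.
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)
    hits = []
    for rule, pattern in RULES:
        for match in pattern.finditer(code):
            hits.append((code.count("\n", 0, match.start()) + 1, rule))
    return sorted(hits)


# Constructed sample, not taken from messagelib.
SAMPLE = '''\
void Checker::start(const QUrl &target) {
    QNetworkRequest request(QUrl("https://safebrowsing.example/v4/lookup"));
    QNetworkReply *reply = mManager->post(request, body(target));
    // reply->ignoreSslErrors();  (commented out: must not be reported)
    connect(reply, &QNetworkReply::sslErrors, this, [reply] {
        reply->ignoreSslErrors();
    });
    QSslConfiguration conf = request.sslConfiguration();
    conf.setPeerVerifyMode(QSslSocket::VerifyNone);
    reply->ignoreSslErrors(expectedErrors);
}
'''

if __name__ == "__main__":
    for line, rule in find_tls_bypasses(SAMPLE):
        print(f"line {line}: {rule}")
```

A hit on "ignore-listed-errors" is a prompt for review rather than a finding in itself, because a call scoped to a specific expected error list can be deliberate.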