Main Vulnerability Database Vulnerabilities #VU121034

Improper certificate validation in messagelib - CVE-2025-69412

Published: January 7, 2026

Vulnerability identifier: #VU121034

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-69412

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: KDE.org

Affected software:
messagelib

Detailed vulnerability description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to software ignores SSL errors when contacting the Google Safe Browsing API. A remote attacker can perform MitM attack and manipulate traffic between the applications using messagelib (KMail, Akregator, etc) and the Google Safe Browsing service.

Note, Google Safe Browsing API is disabled by default.

How to mitigate CVE-2025-69412

Install updates from vendor's website.

Sources

https://kde.org/info/security/advisory-20260107-1.txt

Improper certificate validation in messagelib - CVE-2025-69412

Detailed vulnerability description

How to mitigate CVE-2025-69412

Sources

Please verify you're human