CVE-2025-66270 MEDIUM

Vendor KDE
Product KDE Connect protocol
Weakness CWE-290
Published December 5, 2025
Last update December 5, 2025

CVSS base score

4.7/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Key dates

02 Disclosure timeline

December 5, 2025 CVE published
December 5, 2025 Record updated