Brute-Force Vulnerability in KDE Connect Affects Multiple Platforms
CVE-2025-32898

4.7 MEDIUM

Key Information:

Vendor

KDE

CVE Published:
5 December 2025

What is CVE-2025-32898?

KDE Connect versions released before April 2025 use an 8-character verification-code protocol that exposes users to potential brute-force attacks. The vulnerability affects multiple platforms, including Android, desktop, and iOS, and lets malicious actors easily guess the verification codes and gain unauthorized access. The impact is significant because it compromises the security of inter-device communication; update promptly to mitigate the risk.

Affected Version(s)

KDE Connect verification-code protocol: from 0, before 2025-04-18

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
