CVE-2025-32900

4.3MEDIUM

Key Information:

Vendor: Kde
Status: Kde Connect Information-exchange Protocol
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-32900?

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

Affected Version(s)

KDE Connect information-exchange protocol 0 < 2025-04-18

References

https://kdeconnect.kde.org

https://kde.org/info/security/advisory-20250418-2.txt

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Apr 14, 2025

JSON

Kde

What is CVE-2025-32900?

Affected Version(s)

References

CVSS V3.1

Timeline