CVE-2025-32901

4.3MEDIUM

Key Information:

Vendor

Kde

Status
Kdeconnect
Vendor
CVE Published:
5 December 2025

What is CVE-2025-32901?

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

Affected Version(s)

KDEConnect 0 < 1.33.0

References

https://kdeconnect.kde.org
https://kde.org/info/security/advisory-20250418-4.txt

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-32901 : Application Crash Vulnerability in KDE Connect Mobile App by KDE