KDE Connect Protocol Vulnerability in Multiple Platforms
CVE-2025-66270

4.7MEDIUM

Key Information:

Vendor

Kde

Status
Kde Connect Protocol
Vendor
CVE Published:
5 December 2025

What is CVE-2025-66270?

The KDE Connect protocol prior to version 25.12 on desktop and earlier versions on iOS, Android, GSConnect, and Valent fails to adequately correlate device IDs across transmitted packets. This imperfection can potentially lead to security issues, allowing unauthorized access or data interception. Users of affected versions are encouraged to update their applications to ensure secure communication between devices.

Affected Version(s)

KDE Connect protocol 8

References

https://invent.kde.org/network/kdeconnect-kde/-/commit/4e...
https://invent.kde.org/network/kdeconnect-android/-/commi...
https://invent.kde.org/network/kdeconnect-ios/-/commit/6c...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.