KDE messagelib Vulnerability in Google Safe Browsing API Implementation
CVE-2025-69412

3.4LOW

Key Information:

Vendor: Kde
Status: Messagelib
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-69412?

KDE messagelib versions prior to 25.11.90 contain a vulnerability in their implementation of the Google Safe Browsing Lookup API. This security flaw allows the software to ignore SSL errors during calls to the API, which can be exploited to spoof threat data. Although the Lookup API is not utilized by default in messagelib's configuration, the oversight presents potential risks if the API is enabled. Users and administrators should be aware of this vulnerability and consider updating to the latest version to mitigate potential threats.

Affected Version(s)

messagelib 0 < 25.11.90

References

https://github.com/KDE/messagelib/compare/v25.11.80...v25...

https://github.com/KDE/messagelib/commit/01adef0482bb3d5c...

https://developers.google.com/safe-browsing/v4

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Dec 31, 2025

CVE-2025-69412 Data

JSON

Kde

What is CVE-2025-69412?

Affected Version(s)

References

CVSS V3.1

Timeline