PT-2025-48260

Published: 2025-01-01 · Updated: 2026-02-24

CVE-2025-66270

CVSS v3.1: 4.7 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

KDE Connect versions prior to 25.04.2-1+deb13u1
gnome-shell-extension-gsconnect versions prior to 62-1+deb13u1

Description

A missing validation of the device ID during handshakes in KDE Connect and gnome-shell-extension-gsconnect could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected.

Recommendations

Upgrade KDE Connect packages to version 25.04.2-1+deb13u1.
Upgrade gnome-shell-extension-gsconnect packages to version 62-1+deb13u1.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2025-66270
DSA-6063-1
DSA-6066-1
OPENSUSE-SU-2025:15800-1
USN-7905-1

Affected Products

Debian
Kdeconnect
Red Os
Gnome-Shell-Extension-Gsconnect