PT-2025-49195 · Kde+3 · Kde Connect On Android+6

Published

2025-01-01

Updated

2025-12-05

CVE-2025-32898

CVSS v3.1

4.7

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions KDE Connect versions prior to 1.33.0 Valent versions prior to 1.0.0.alpha.47 GSConnect versions prior to 59 KDE Connect on Android versions prior to 1.33.0 KDE Connect on desktop versions prior to 25.04 KDE Connect on iOS versions prior to 0.5

Description The KDE Connect verification-code protocol uses only 8 characters, which allows for brute-force attacks.

Recommendations Update KDE Connect to version 1.33.0 or later. Update Valent to version 1.0.0.alpha.47 or later. Update GSConnect to version 59 or later. Update KDE Connect on Android to version 1.33.0 or later. Update KDE Connect on desktop to version 25.04 or later. Update KDE Connect on iOS to version 0.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2025-32898

Affected Products

Debian

Gsconnect

Kdeconnect

Kde Connect On Android

Kde Connect On Desktop

Kde Connect On Ios

Valent

PT-2025-49195 · Kde+3 · Kde Connect On Android+6

CVE-2025-32898

Weakness Enumeration

Related Identifiers

Affected Products

References · 9