PT-2025-54472 · Kde · Kde Messagelib
Published: 2025-12-31 · Updated: 2026-03-10 · CVE-2025-69412
CVSS v3.1: 3.4 (Low)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
KDE messagelib versions prior to 25.11.90
Description
The software does not properly handle SSL errors when using the Google Safe Browsing Lookup API, potentially allowing for spoofing of threat data. This issue affects the find function within the threatMatches component of the API. The Google Safe Browsing Lookup API is not used by default in the messagelib configuration.
Recommendations
Update to version 25.11.90 or later.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Kde Messagelib
Red Os