CVE-2025-32901
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kde | kde_connect | 1.33.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or malformed UDP broadcast packets containing device IDs sent to KDE Connect on the network. Since KDE Connect uses UDP broadcasts for device discovery, you can use network packet capture tools like tcpdump or Wireshark to filter and inspect UDP traffic on the relevant ports. For example, you can run: tcpdump -i <interface> udp and look for suspicious or malformed device ID payloads that could cause the application to crash. [2]
Can you explain this vulnerability to me?
This vulnerability in KDE Connect before version 1.33.0 on Android allows malicious device IDs sent via broadcast UDP to cause the application to crash.
How can this vulnerability impact me? :
The vulnerability can cause the KDE Connect application on Android devices to crash when it receives malicious device IDs via broadcast UDP, potentially disrupting normal use of the application.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include stopping the use of KDE Connect on untrusted networks such as public Wi-Fi at airports or conferences to avoid exposure to malicious UDP broadcasts. Additionally, update the KDE Connect Android application to version 1.33.0 or later, where this vulnerability is fixed. [2]