Home > Vulnerability Database > CVE-2025-32900

Mend.io Vulnerability Database

CVE-2025-32900

Good to know:

Date: December 4, 2025

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

Severity Score

4.3

Related Resources (4)

Url: https://kdeconnect.kde.org

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32900

Url: https://kde.org/info/security/advisory-20250418-2.txt

Url: https://www.mend.io/vulnerability-database/CVE-2025-32900

Severity Score

4.3

Weakness Type (CWE)

Use of Less Trusted Source

CWE-348

Top Fix

Upgrade Version

Upgrade to version https://github.com/andyholmes/valent.git - v1.0.0.alpha.47

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32900

Good to know:

Date: December 4, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?