Home > Vulnerability Database > CVE-2025-66270

Mend.io Vulnerability Database

CVE-2025-66270

Good to know:

Date: December 5, 2025

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Severity Score

4.7

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66270

Url: https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3

Url: https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9

Url: https://kde.org/info/security/advisory-20251128-1.txt

Url: https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce

Url: https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e

Url: https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080

Url: https://www.mend.io/vulnerability-database/CVE-2025-66270

Severity Score

4.7

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version https://invent.kde.org/network/kdeconnect-android.git - v1.34.4;https://invent.kde.org/network/kdeconnect-kde.git - v25.12.0;https://github.com/GSConnect/gnome-shell-extension-gsconnect.git - v68

Learn More

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66270

Good to know:

Date: December 5, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?