Vulnerability DatabaseCVE-2025-69412
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-69412
December 31, 2025
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Affected Packages
https://github.com/KDE/messagelib.git (GITHUB):
Affected version(s) >=v16.03.80 <v25.11.90
Fix Suggestion:
Update to version v25.11.90
Related Resources (4)
https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3
https://developers.google.com/safe-browsing/v4
https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90
https://developers.google.com/safe-browsing/v4/lookup-api
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.4
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Certificate Validation
CWE-295
EPSS
Base Score:
0.03