CVE-2025-66270

Published: 05 Dec 2025
Source: debian
EPSS: Low

Description

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| kdeconnect | fixed | 25.11.80+git20251121.7090b106-1 | | package |
| kdeconnect | not-affected | | bookworm | package |
| kdeconnect | not-affected | | bullseye | package |
| gnome-shell-extension-gsconnect | fixed | 71-1 | | package |
| gnome-shell-extension-gsconnect | not-affected | | bookworm | package |

Notes

  • https://kde.org/info/security/advisory-20251128-1.txt

  • Fixed by: https://invent.kde.org/network/kdeconnect-kde/-/commit/1d757349d0f517ef12c119565ffb1f79503fbcdf (v25.11.90)

  • Introduced by: https://invent.kde.org/network/kdeconnect-kde/-/commit/98256fda3dfdf50edd7555f21cba46fd1e596523 (v25.03.80)

  • Fixed by: https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/3223595bb648ad09afd150ec56dadfe1f33bd641 (v70)

  • Introduced by: https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/cf099c63c7981e69bd095fcbe3215cf87b5328f8 (v59)

EPSS

Percentile: 8%
0.00031
Low

Related vulnerabilities

CVSS3: 4.7
ubuntu
2 months ago

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

CVSS3: 4.7
nvd
2 months ago

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

CVSS3: 4.7
github
2 months ago

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.
