Description

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

INFO

Published Date :

2025-12-05T00:00:00.000Z

Last Modified :

2025-12-05T17:26:40.066Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66270 vulnerability.

Vendors Products
Apple
  • Ios
Google
  • Android
Kde
  • Gsconnect
  • Kde
  • Kdeconnect
  • Valent
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66270.

URL Resource
https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3 cve-icon cve-icon
https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce cve-icon cve-icon
https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9 cve-icon cve-icon
https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080 cve-icon cve-icon
https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e cve-icon cve-icon
https://kde.org/info/security/advisory-20251128-1.txt cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact