Description

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

INFO

Published Date :

2025-12-31T23:20:55.785Z

Last Modified :

2026-01-02T13:45:18.339Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69412 vulnerability.

Vendors Products
Kde
  • Messagelib
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69412.

URL Resource
https://developers.google.com/safe-browsing/v4 cve-icon cve-icon
https://developers.google.com/safe-browsing/v4/lookup-api cve-icon cve-icon
https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3 cve-icon cve-icon
https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact