ByteOS Network

NVD Vulnerability Details :

CVE-2025-66270

Awaiting Analysis

Source-cve@mitre.org

Published At-05 Dec, 2025 | 06:16

Updated At-08 Dec, 2025 | 18:27

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-290	Primary	cve@mitre.org

CWE ID: CWE-290

Type: Primary

Source: cve@mitre.org

References

Hyperlink	Source	Resource
https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3	cve@mitre.org	N/A
https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce	cve@mitre.org	N/A
https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9	cve@mitre.org	N/A
https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080	cve@mitre.org	N/A
https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e	cve@mitre.org	N/A
https://kde.org/info/security/advisory-20251128-1.txt	cve@mitre.org	N/A