Medium severity4.7OSV Advisory· Published Dec 5, 2025· Updated Apr 15, 2026
CVE-2025-66270
CVE-2025-66270
Description
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: v1, v1-alpha1, v1-alpha2, …
- Range: < 25.12
Patches
Vulnerability mechanics
References
6- github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3nvd
- github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667ccccenvd
- invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9nvd
- invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080nvd
- invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373envd
- kde.org/info/security/advisory-20251128-1.txtnvd
News mentions
0No linked articles in our index yet.