Low severity3.4OSV Advisory· Published Jan 1, 2026· Updated Apr 15, 2026

CVE-2025-69412

Description

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Affected products

KDE/MessagelibOSV
Range: v16.11.80, v17.07.80, v17.11.80, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

developers.google.com/safe-browsing/v4nvd
developers.google.com/safe-browsing/v4/lookup-apinvd
github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3nvd
github.com/KDE/messagelib/compare/v25.11.80...v25.11.90nvd

News mentions

No linked articles in our index yet.

cvss	0.221
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000