| Name | CVE-2025-32900 |
| Description | In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gnome-shell-extension-gsconnect (PTS) | bookworm | 54-2 | vulnerable |
| trixie | 62-1 | fixed | |
| trixie (security) | 62-1+deb13u1 | fixed | |
| forky, sid | 71-1 | fixed | |
| kdeconnect (PTS) | bullseye | 20.12.3-2 | vulnerable |
| bookworm | 22.12.3-1 | vulnerable | |
| trixie | 25.04.2-1 | fixed | |
| trixie (security) | 25.04.2-1+deb13u1 | fixed | |
| forky, sid | 25.11.80+git20251121.7090b106-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnome-shell-extension-gsconnect | source | (unstable) | 62-1 | |||
| kdeconnect | source | (unstable) | 25.04.0-1 |
[bookworm] - kdeconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
[bullseye] - kdeconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
[bookworm] - gnome-shell-extension-gsconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
https://kde.org/info/security/advisory-20250418-2.txt
Fixed by: https://invent.kde.org/network/kdeconnect-kde/-/commit/98256fda3dfdf50edd7555f21cba46fd1e596523 (v25.03.80)
Fixed by: https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/cf099c63c7981e69bd095fcbe3215cf87b5328f8 (v59)