CVE-2025-69412

Name: CVE-2025-69412

Description: KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

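| Source Package | Release | Version | Status |
|---|---|---|---|
| kf5-messagelib (PTS) | bullseye | 4:20.08.3-5 | vulnerable |
| kf5-messagelib (PTS) | bookworm | 4:22.12.3-2~deb12u1 | vulnerable |
| messagelib (PTS) | trixie | 4:24.12.3-4 | vulnerable |
| messagelib (PTS) | forky, sid | 4:25.08.3-2 | vulnerable |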

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kf5-messagelib | source | (unstable) | (unfixed) | | | |
| messagelib | source | (unstable) | (unfixed) | | | |

Notes

https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3 (v25.11.90)
