CVE-2025-69412

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-69412
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-69412.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-69412
Downstream
Published
2026-01-01T00:15:40.797Z
Modified
2026-01-04T13:50:55.432341Z
Severity
  • 3.4 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
[none]
Details

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

References

Affected packages

Git / github.com/kde/messagelib

Affected ranges

Type
GIT
Repo
https://github.com/kde/messagelib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v16.*

v16.03.80
v16.03.90
v16.04.0
v16.04.1
v16.04.2
v16.04.3
v16.07.80
v16.07.90
v16.08.0
v16.08.1
v16.08.2
v16.11.80
v16.11.90
v16.12.0
v16.12.1
v16.12.2
v16.12.3

v17.*

v17.03.80
v17.03.90
v17.04.0
v17.04.1
v17.04.2
v17.04.3
v17.07.80
v17.07.90
v17.08.0
v17.08.1
v17.08.2
v17.08.3
v17.11.80
v17.11.90
v17.12.0
v17.12.1
v17.12.2
v17.12.3

v18.*

v18.03.80
v18.03.90
v18.04.0
v18.04.1
v18.04.2
v18.04.3
v18.07.80
v18.07.90
v18.08.0
v18.08.1
v18.08.2
v18.08.3
v18.11.80
v18.11.90
v18.12.0
v18.12.1
v18.12.2
v18.12.3

v19.*

v19.03.80
v19.03.90
v19.04.0
v19.04.1
v19.04.2
v19.07.80
v19.07.90
v19.08.0
v19.08.1
v19.08.2
v19.11.80
v19.11.90
v19.12.0
v19.12.1
v19.12.2
v19.12.3

v20.*

v20.03.80
v20.03.90
v20.04.0
v20.04.1
v20.04.2
v20.04.3
v20.07.80
v20.07.90
v20.08.0
v20.08.1
v20.08.2
v20.08.3
v20.11.80
v20.11.90
v20.12.0
v20.12.1
v20.12.2
v20.12.3

v21.*

v21.03.80
v21.03.90
v21.04.0
v21.04.1
v21.07.80
v21.07.90
v21.08.0
v21.08.1
v21.08.2
v21.08.3
v21.11.80
v21.11.90
v21.12.0
v21.12.1
v21.12.2
v21.12.3

v22.*

v22.03.80
v22.04.0
v22.04.1
v22.04.2
v22.04.3
v22.07.80
v22.07.90
v22.08.0
v22.08.1
v22.11.80
v22.11.90
v22.12.0
v22.12.1
v22.12.2

v23.*

v23.03.80
v23.03.90
v23.04.0
v23.04.1
v23.07.80
v23.07.90
v23.08.0
v23.08.1

v24.*

v24.01.75
v24.01.80
v24.01.85
v24.01.90
v24.01.95
v24.02.0
v24.02.1
v24.11.80
v24.11.90
v24.12.0

v25.*

v25.03.80
v25.11.80

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-69412.json"

vanir_signatures
