DEBIAN-CVE-2025-66270

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-66270
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-66270.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-66270
Upstream
Downstream
Published
2025-12-05T06:16:09.253Z
Modified
2026-03-11T07:38:09.092991Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

References

Affected packages

Debian:13 / gnome-shell-extension-gsconnect

Package

Name
gnome-shell-extension-gsconnect
Purl
pkg:deb/debian/gnome-shell-extension-gsconnect?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
62-1+deb13u1

Affected versions

Other
62-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-66270.json"

Debian:14 / gnome-shell-extension-gsconnect

Package

Name
gnome-shell-extension-gsconnect
Purl
pkg:deb/debian/gnome-shell-extension-gsconnect?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
71-1

Affected versions

Other
62-1
67-1
67-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-66270.json"

Debian:13 / kdeconnect

Package

Name
kdeconnect
Purl
pkg:deb/debian/kdeconnect?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.04.2-1+deb13u1

Affected versions

25.*
25.04.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-66270.json"

Debian:14 / kdeconnect

Package

Name
kdeconnect
Purl
pkg:deb/debian/kdeconnect?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.11.80+git20251121.7090b106-1

Affected versions

25.*
25.04.2-1
25.08.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-66270.json"