Skip to main content

Ubuntu CVE-2025-32898

| EUVDEUVD-2025-201337 MEDIUM
Insufficient Entropy (CWE-331)
2025-12-05 cve@mitre.org
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 17:08 euvd
EUVD-2025-201337
Analysis Generated
Mar 15, 2026 - 17:08 vuln.today
CVE Published
Dec 05, 2025 - 05:16 nvd
MEDIUM 4.7

DescriptionCVE.org

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

AnalysisAI

A remote code execution vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type: remote code execution.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2015-3105 CRITICAL POC
10.0 Jun 10

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466

CVE-2015-3864 CRITICAL POC
10.0 Oct 01

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A

CVE-2013-4710 CRITICAL POC
9.3 Mar 03

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp

CVE-2015-1538 CRITICAL POC
10.0 Oct 01

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android bef

CVE-2024-21633 HIGH POC
7.8 Jan 03

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK

CVE-2017-13156 HIGH POC
7.8 Dec 06

An elevation of privilege vulnerability in the Android system (art). Rated high severity (CVSS 7.8), this vulnerability

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-3106 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2015-3107 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2013-4787 CRITICAL POC
9.3 Jul 09

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows

CVE-2014-7911 HIGH
7.2 Dec 15

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.

CVE-2016-0801 CRITICAL POC
9.8 Feb 07

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01

Vendor StatusVendor

Ubuntu

Priority: Medium
gnome-shell-extension-gsconnect
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
plucky not-affected 62-1
questing not-affected -
upstream released 62-1
kdeconnect
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream released 25.04.0-1
plucky ignored end of life, was needs-triage

Debian

gnome-shell-extension-gsconnect
Release Status Fixed Version Urgency
bookworm vulnerable 54-2 -
trixie (security), trixie fixed 62-1+deb13u1 -
forky, sid fixed 71-1 -
(unstable) fixed 62-1 -
kdeconnect
Release Status Fixed Version Urgency
bullseye vulnerable 20.12.3-2 -
bookworm vulnerable 22.12.3-1 -
trixie (security), trixie fixed 25.04.2-1+deb13u1 -
forky, sid fixed 25.11.80+git20251121.7090b106-1 -
(unstable) fixed 25.04.0-1 -

SUSE

Severity: Medium

Share

CVE-2025-32898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy