CVE-2025-69412

LOW
2026-01-01 [email protected]
3.4
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 01, 2026 - 00:15 nvd
LOW 3.4

Tags

Tls

Description

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Analysis

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [CVSS 3.4 LOW]

Technical Context

Classified as CWE-295 (Improper Certificate Validation). Affects KDE messagelib. KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Affected Products

Product: KDE messagelib. Versions: up to 25.11.90.

Remediation

Monitor vendor advisories for a patch.

Priority Score

17
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +17
POC: 0

Share

CVE-2025-69412 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy