VDB
CVE-2025-69412
CVE-2025-69412
PUBLISHED
CVSS 3.4000000953674316 LOW
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
EPSS 0.00% · 0.2th percentile
Risk Scores
CVSS v3.1
3.4000000953674316
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.00%
0.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kde | messagelib | 0 |
| KDE | messagelib | 0 |
Timeline
- Dec 31, 2025 CVE ID Reserved
- Dec 31, 2025 CVE Published
- Jan 1, 2026 EPSS Score
- Jan 1, 2026 PoC Published
- Jan 2, 2026 CVE Updated
- Jan 4, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
- Jan 15, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
References
- https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90 url
- https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3 url
- https://developers.google.com/safe-browsing/v4 url
- https://developers.google.com/safe-browsing/v4/lookup-api url
- https://nvd.nist.gov/vuln/detail/CVE-2025-69412 advisory