KDE Connect Android Unpairing Vulnerability via Crafted Discovery Packets

Vulnerability

KDE Connect for Android before version 1.33.0 allows an attacker on the same network segment to unpair two paired devices by sending a crafted, invalid discovery packet over broadcast UDP. Discovery (identity) packets are unauthenticated plaintext, exchanged before any authenticated session exists, so the receiving device cannot tell the crafted packet from one sent by the device it is paired with and mistakenly treats it as an unpairing by that device.
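
The bug class described above, as an added example that is not KDE Connect's own code: a simplified model of a discovery-packet receiver, with a handler that lets an unauthenticated UDP datagram change pairing state beside one that never does. The packet shape follows the public KDE Connect JSON layout (`id`, `type`, `body`, identity type `kdeconnect.identity`); the field set checked, the hypothetical `vulnerable_on_discovery` code path, the `PairingStore`, the device IDs and the sample datagrams are all constructed for this example and do not reproduce the app's real logic.

```python
"""Model of a KDE Connect-style discovery receiver (added example, not project code)."""
import json

IDENTITY_TYPE = "kdeconnect.identity"
# Assumed minimum field set for this example; the real protocol carries more.
REQUIRED_FIELDS = ("deviceId", "deviceName", "protocolVersion", "tcpPort")


class InvalidIdentity(ValueError):
    """Discovery datagram is not a well-formed identity packet."""


def decode_packet(datagram: bytes) -> dict:
    """Lenient decode of an untrusted UDP datagram into a JSON object."""
    try:
        packet = json.loads(datagram.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise InvalidIdentity(f"not JSON: {exc}") from exc
    if not isinstance(packet, dict):
        raise InvalidIdentity("top level is not an object")
    return packet


def validate_identity(packet: dict) -> dict:
    """Strict structural validation; returns the identity body on success."""
    if packet.get("type") != IDENTITY_TYPE:
        raise InvalidIdentity("not an identity packet")
    body = packet.get("body")
    if not isinstance(body, dict):
        raise InvalidIdentity("missing body")
    for field in REQUIRED_FIELDS:
        if field not in body:
            raise InvalidIdentity(f"missing {field}")
    if not isinstance(body["deviceId"], str) or not body["deviceId"]:
        raise InvalidIdentity("bad deviceId")
    if not isinstance(body["tcpPort"], int) or not 1 <= body["tcpPort"] <= 65535:
        raise InvalidIdentity("bad tcpPort")
    return body


class PairingStore:
    """deviceId -> certificate fingerprint pinned when the user accepted pairing."""

    def __init__(self, paired):
        self.paired = dict(paired)

    def is_paired(self, device_id):
        return device_id in self.paired


def vulnerable_on_discovery(store, datagram):
    """Hypothetical vulnerable pattern (constructed for this example): a malformed
    identity naming a deviceId that is currently paired is taken as proof the
    pairing is gone and it is removed. Nothing in the plaintext datagram shows
    the paired device sent it; the deviceId is broadcast by the victim anyway."""
    try:
        packet = decode_packet(datagram)
    except InvalidIdentity:
        return "dropped"
    body = packet.get("body")
    claimed_id = body.get("deviceId") if isinstance(body, dict) else None
    try:
        validate_identity(packet)
        return "seen"
    except InvalidIdentity:
        if claimed_id and store.is_paired(claimed_id):
            del store.paired[claimed_id]  # pairing state changed by unauthenticated UDP
            return "unpaired"
        return "dropped"


def hardened_on_discovery(store, datagram):
    """Hardened pattern: discovery only feeds a transient 'devices seen' view.
    Invalid packets are dropped and the pairing store is never touched here."""
    try:
        validate_identity(decode_packet(datagram))
    except InvalidIdentity:
        return "dropped"
    return "seen"


def hardened_on_unpair_request(store, device_id, peer_cert_fingerprint):
    """Pairing state changes only over the authenticated link, and only when the
    peer certificate matches the fingerprint pinned at pairing time."""
    if store.paired.get(device_id) != peer_cert_fingerprint:
        return "rejected"
    del store.paired[device_id]
    return "unpaired"


def demo():
    """Run both handlers over constructed datagrams; returns the observed outcomes."""
    laptop, pinned = "example-laptop-id", "sha256:deadbeef"  # constructed values
    valid = json.dumps({"id": 1, "type": IDENTITY_TYPE, "body": {
        "deviceId": laptop, "deviceName": "laptop", "protocolVersion": 7,
        "tcpPort": 1716}}).encode()
    crafted = json.dumps({"id": 2, "type": IDENTITY_TYPE, "body": {
        "deviceId": laptop, "deviceName": "laptop"}}).encode()  # fields missing
    garbage = b"\xff\xfe not json"
    v, h = PairingStore({laptop: pinned}), PairingStore({laptop: pinned})
    return {
        "vulnerable": [vulnerable_on_discovery(v, d) for d in (valid, garbage, crafted)]
        + [v.is_paired(laptop)],
        "hardened": [hardened_on_discovery(h, d) for d in (valid, garbage, crafted)]
        + [h.is_paired(laptop),
           hardened_on_unpair_request(h, laptop, "sha256:wrong"),
           hardened_on_unpair_request(h, laptop, pinned),
           h.is_paired(laptop)],
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that anything learned from a broadcast discovery packet is at most a hint to open an authenticated connection; a receiver that lets such a packet remove, replace or create a pairing is trusting input that any host on the segment can forge.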

Impact

Exploitation unpairs two paired devices, breaking the KDE Connect link until the user pairs them again; the effect is a denial of service against the connection rather than access to either device.

Remediation

Update KDE Connect for Android to version 1.33.0 or later. Until the update is installed, stop using KDE Connect on untrusted networks such as airport or conference Wi-Fi, where any host on the same broadcast domain can send these packets.

Added: Dec 5, 2025, 5:19 AM
Updated: Dec 5, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 0.6
exploitability: 4.7
remediation: 8.3
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.