KDE Connect Android Denial-of-Service Vulnerability via Malicious Device IDs

Vulnerability

A denial-of-service vulnerability has been identified in KDE Connect for Android, affecting versions prior to 1.33.0. The issue arises when malicious device IDs are sent over broadcast UDP. Because UDP lacks authentication, an attacker can introduce an invalid device ID that causes the application to crash while attempting to process and save the information.
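The defensive pattern for this class of bug, as an added example that is not KDE Connect's code: validate the device ID from an untrusted UDP datagram before it is processed or used as a storage key, and never let bad input raise. The JSON layout (`body.deviceId`), the allowlist pattern and the size cap are assumptions for illustration; the page does not state what version 1.33.0 accepts.

```python
import json
import re

# Assumed allowlist for illustration: 32-38 letters, digits, '_' or '-'.
# The page does not state which IDs the fixed version accepts.
DEVICE_ID_RE = re.compile(r"[A-Za-z0-9_-]{32,38}")
MAX_DATAGRAM = 8192  # assumed size cap for a discovery packet


def parse_device_id(datagram: bytes):
    """Return a validated device ID from an untrusted datagram, or None."""
    if len(datagram) > MAX_DATAGRAM:
        return None
    try:
        packet = json.loads(datagram.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, deep nesting
        return None
    body = packet.get("body") if isinstance(packet, dict) else None
    device_id = body.get("deviceId") if isinstance(body, dict) else None
    # Reject wrong types, empty strings and any character outside the allowlist.
    if not isinstance(device_id, str) or not DEVICE_ID_RE.fullmatch(device_id):
        return None
    return device_id


def handle_datagram(datagram: bytes, known_devices: dict) -> bool:
    """Record the sender only if its ID validates; never raise on bad input."""
    device_id = parse_device_id(datagram)
    if device_id is None:
        return False  # drop the packet; the receiver keeps running
    known_devices.setdefault(device_id, {"paired": False})
    return True


# Constructed sample datagrams (not captured traffic).
GOOD = json.dumps({"type": "kdeconnect.identity",
                   "body": {"deviceId": "a" * 32}}).encode()
MALFORMED = [
    json.dumps({"body": {"deviceId": ""}}).encode(),
    json.dumps({"body": {"deviceId": "bad id/with spaces"}}).encode(),
    json.dumps({"body": {"deviceId": "x" * 200}}).encode(),
    json.dumps({"body": {"deviceId": 12345}}).encode(),
    json.dumps({"body": "not-an-object"}).encode(),
    b"\xff\xfe not json",
    b"[" * 5000,
]
```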

Impact

Exploiting this vulnerability can lead to a crash of the KDE Connect application, causing a denial-of-service condition on the device.

Remediation

Users are advised to update KDE Connect for Android to version 1.33.0 or later.

Added: Dec 5, 2025, 5:18 AM
Updated: Dec 5, 2025, 6:51 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.7
remediation: 7.9
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.