Platform: linux
Component: messagelib
Fixed in: 25.11.90
CVE-2025-69412 is a security vulnerability affecting KDE messagelib versions prior to 25.11.90. The vulnerability stems from an oversight where SSL errors are ignored during communication with the Google Safe Browsing Lookup API. This could allow an attacker to potentially spoof threat data, though the API is not enabled by default. A fix is available in version 25.11.90.
The primary impact of CVE-2025-69412 lies in the potential for threat data spoofing. If an attacker can successfully intercept and manipulate the communication with the Google Safe Browsing Lookup API, they could present false positive or false negative threat assessments. This could lead users to believe a legitimate website is malicious, or conversely, that a malicious website is safe. While the API is not enabled by default in KDE messagelib's configuration, systems that have explicitly enabled it are at risk. The severity is rated as LOW due to the API's default disabled state and the complexity of successfully exploiting the vulnerability.
CVE-2025-69412 was publicly disclosed on 2025-12-31. As of this date, there are no known public proof-of-concept exploits available. The vulnerability is not currently listed on the CISA KEV catalog. The low CVSS score reflects the API's default disabled state and the complexity of exploitation.
Exploit Status
EPSS: 0.01% (1% percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-69412 is to upgrade KDE messagelib to version 25.11.90 or later. This version includes a fix that properly handles SSL errors during communication with the Google Safe Browsing Lookup API. If upgrading is not immediately feasible, consider disabling the Google Safe Browsing Lookup API within the KDE messagelib configuration. This will prevent the vulnerable code from being executed. Verify the upgrade by checking the messagelib version after installation using kde messagelib --version.
Update KDE messagelib to version 25.11.90 or later. This version fixes the SSL error omission vulnerability when using the Google Safe Browsing Lookup API. The update prevents potential threat data spoofing.
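The two checks a practitioner would want from the text above, written as an added Python example rather than messagelib's own (C++/Qt) code: an affected-version check that applies the "below 25.11.90 and Lookup API enabled" condition, and a TLS-context builder that contrasts the flawed "ignore SSL errors" behaviour with a verified session and refuses to hand out an unverified one. Function names and the FIXED_IN constant are this example's own.

```python
import ssl

# Version in which the advisory says the fix ships (from the page).
FIXED_IN = (25, 11, 90)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '25.11.80' into a comparable tuple."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str, lookup_api_enabled: bool) -> bool:
    """A deployment is exposed only when it runs a pre-fix build AND has the
    Google Safe Browsing Lookup API switched on (it is off by default)."""
    return lookup_api_enabled and parse_version(version) < FIXED_IN


def lookup_api_tls_context(ignore_ssl_errors: bool = False) -> ssl.SSLContext:
    """Build the TLS context used to reach the lookup API.

    The default context verifies the server certificate against the system
    CA store and checks the hostname. Passing ignore_ssl_errors=True mirrors
    the flawed pre-fix behaviour: every certificate is accepted, so any party
    able to intercept the connection can answer in place of the real API and
    feed back spoofed threat verdicts."""
    ctx = ssl.create_default_context()
    if ignore_ssl_errors:
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """True only when certificate chain and hostname are both verified."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


class InsecureTransportError(RuntimeError):
    """Raised instead of silently querying the API over an unverified session."""


def checked_context_for_lookup(ignore_ssl_errors: bool = False) -> ssl.SSLContext:
    """Fail closed: never return a context that skips verification."""
    ctx = lookup_api_tls_context(ignore_ssl_errors)
    if not context_is_safe(ctx):
        raise InsecureTransportError(
            "refusing to query the Safe Browsing Lookup API over an unverified TLS session"
        )
    return ctx


def rejects_insecure_transport() -> bool:
    """Helper showing that the fail-closed guard actually trips."""
    try:
        checked_context_for_lookup(ignore_ssl_errors=True)
    except InsecureTransportError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample deployments, not data from the advisory.
    for ver, enabled in (("25.11.80", True), ("25.11.80", False), ("25.11.90", True)):
        print(f"messagelib {ver}, lookup API enabled={enabled}: affected={is_affected(ver, enabled)}")
    print("default context verified:", context_is_safe(lookup_api_tls_context()))
    print("guard rejects unverified context:", rejects_insecure_transport())
```

The version check is the same condition the advisory states; the TLS part shows why "ignoring SSL errors" matters: with CERT_NONE and no hostname check, the client has no way to tell the real lookup API from an interposed host, which is the threat-data spoofing the page describes.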
CVE-2025-69412 is a vulnerability in KDE messagelib where SSL errors are ignored when using the Google Safe Browsing Lookup API, potentially allowing threat data spoofing.
You are affected if you use KDE messagelib versions 0.0–25.11.80 and have the Google Safe Browsing Lookup API enabled in your configuration.
Upgrade KDE messagelib to version 25.11.90 or later. Alternatively, disable the Google Safe Browsing Lookup API in your configuration.
As of the public disclosure date, there are no known active exploits or campaigns targeting CVE-2025-69412.
Refer to the official KDE security advisory for CVE-2025-69412 on the KDE security announcements website.