Platform: linux
Component: messagelib
Fixed in: 25.11.90
CVE-2025-69412 is a security vulnerability affecting KDE messagelib versions prior to 25.11.90. The vulnerability stems from an oversight where SSL errors are ignored during communication with the Google Safe Browsing Lookup API. This could allow an attacker to potentially spoof threat data, though the API is not enabled by default. A fix is available in version 25.11.90.
The primary impact of CVE-2025-69412 lies in the potential for threat data spoofing. If an attacker can successfully intercept and manipulate the communication with the Google Safe Browsing Lookup API, they could present false positive or false negative threat assessments. This could lead users to believe a legitimate website is malicious, or conversely, that a malicious website is safe. While the API is not enabled by default in KDE messagelib's configuration, systems that have explicitly enabled it are at risk. The severity is rated as LOW due to the API's default disabled state and the complexity of successfully exploiting the vulnerability.
CVE-2025-69412 was publicly disclosed on 2025-12-31. As of this date, there are no known public proof-of-concept exploits available. The vulnerability is not currently listed on the CISA KEV catalog. The low CVSS score reflects the API's default disabled state and the complexity of exploitation.
Systems utilizing KDE messagelib with the Google Safe Browsing Lookup API explicitly enabled are at risk. This includes developers who have customized KDE applications or services to leverage the API for threat assessment. Shared hosting environments using KDE messagelib with custom configurations should also be assessed.
• linux / server:
journalctl -u messagelib | grep -i "ssl error"
• linux / server:
ps aux | grep messagelib | grep "Google Safe Browsing Lookup API"
Exploit status
EPSS: 0.01% (1st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69412 is to upgrade KDE messagelib to version 25.11.90 or later. This version includes a fix that properly handles SSL errors during communication with the Google Safe Browsing Lookup API. If upgrading is not immediately feasible, consider disabling the Google Safe Browsing Lookup API within the KDE messagelib configuration. This will prevent the vulnerable code from being executed. Verify the upgrade by checking the messagelib version after installation using kde messagelib --version.
Upgrade KDE messagelib to version 25.11.90 or later. This version fixes the vulnerability in which SSL errors are ignored when using the Google Safe Browsing Lookup API. The update prevents possible spoofing of threat data.
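The following added example is not code from KDE messagelib. It shows, in Python, one way a client of a lookup-style threat API can keep certificate and hostname verification on and return no verdict at all when TLS fails, next to the weak context setting for contrast. The endpoint, the "matches" response field and every function name are assumptions made for the example.

```python
import io
import json
import ssl
import urllib.error
import urllib.request

def unverified_context():
    """The weak setting, shown only for contrast: accepts any certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def is_verifying(ctx):
    """True only if the context checks the certificate chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def lookup_verdict(endpoint, payload, urlopen=urllib.request.urlopen):
    """Return 'match', 'no-match' or 'unknown' for one lookup request.

    Assumed response shape: a JSON object whose "matches" list is non-empty
    when the URL is flagged. `urlopen` is injectable for offline runs.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    req = urllib.request.Request(endpoint, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urlopen(req, context=ctx, timeout=10) as resp:
            body = json.load(resp)
    except (urllib.error.URLError, ssl.SSLError, ValueError):
        # A failed handshake, a network error or an unparsable body gives no
        # verdict. There is no retry with verification switched off.
        return "unknown"
    if not isinstance(body, dict):
        return "unknown"
    return "match" if body.get("matches") else "no-match"

# Constructed stand-ins for the network layer, used to exercise both paths.
def failing_tls(req, context=None, timeout=None):
    raise urllib.error.URLError(ssl.SSLCertVerificationError("self-signed certificate"))

def flagged_reply(req, context=None, timeout=None):
    return io.BytesIO(b'{"matches": [{"threatType": "constructed"}]}')

if __name__ == "__main__":
    endpoint = "https://lookup.example.invalid/check"  # placeholder, not a real API URL
    print(lookup_verdict(endpoint, {"url": "http://example.test/"}, failing_tls))
    print(lookup_verdict(endpoint, {"url": "http://example.test/"}, flagged_reply))
```

A caller should treat "unknown" as the absence of a result, never as "no-match".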
CVE-2025-69412 is a vulnerability in KDE messagelib where SSL errors are ignored when using the Google Safe Browsing Lookup API, potentially allowing threat data spoofing.
You are affected if you use KDE messagelib versions 0.0–25.11.80 and have the Google Safe Browsing Lookup API enabled in your configuration.
Upgrade KDE messagelib to version 25.11.90 or later. Alternatively, disable the Google Safe Browsing Lookup API in your configuration.
As of the public disclosure date, there are no known active exploits or campaigns targeting CVE-2025-69412.
Refer to the official KDE security advisory for CVE-2025-69412 on the KDE security announcements website.