CVE-2025-69412: Low severity KDE messagelib vulnerability
Published Dec 31, 2025
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Affected Software
1 affected component
KDE messagelib < 25.11.90
Event History
Dec 31, 2025
CVE Published via MITRE · 11:20 PM
Data Sourced via MITRE · 11:20 PM: Description, Severity, Weakness
Jan 1, 2026
Data Sourced via NVD · 12:15 AM: Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-69412?
CVE-2025-69412 has not been assigned a specific severity rating, but it poses a risk due to potential spoofing of threat data.
2. How do I fix CVE-2025-69412?
To mitigate CVE-2025-69412, update KDE messagelib to version 25.11.90 or later.
3. What is the vulnerability described by CVE-2025-69412?
KDE messagelib ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API, which could lead to the acceptance of spoofed threat data.
4. Which versions of KDE messagelib are affected by CVE-2025-69412?
KDE messagelib versions prior to 25.11.90 are affected by CVE-2025-69412.
5. Is the Google Safe Browsing Lookup API, the API involved in CVE-2025-69412, contacted by default in KDE messagelib?
No, the Google Safe Browsing Lookup API is not contacted in the default configuration of KDE messagelib.