QwikSec

Security Database

CVE

CWE

Training

CVE-2025-69412

Published: Dec 31, 2025

Modified: Jan 2, 2026

PUBLISHED

CVSS v3.1

3.4

LOW

Description

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Vendor	Product	Versions
KDE	messagelib	affected `0 - < 25.11.90`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90

https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3

https://developers.google.com/safe-browsing/v4

https://developers.google.com/safe-browsing/v4/lookup-api

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.