CVE-2025-11635
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_360_dog_camera_firmware | to 036 (inc) |
| furbo | furbo_360_dog_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11635 is a resource consumption vulnerability in the Tomofun Furbo 360 device (firmware up to FB0035_FW_036). It occurs in the File Upload component where an authenticated attacker can upload or force the device to download excessively large files without size restrictions. This causes the device to consume all available disk space, leading to a Denial of Service (DoS) condition that makes the device inoperable. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by causing a Denial of Service (DoS) on the affected Tomofun Furbo 360 device. An attacker can remotely exploit the flaw to exhaust the device's storage resources, rendering it unavailable and inoperable. This affects the device's availability but does not compromise confidentiality or integrity. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves resource consumption caused by uploading excessively large files to the Tomofun Furbo 360 device. Detection could involve monitoring the device's disk usage and network traffic for unusually large file uploads or spikes in resource consumption. Since the attack requires authentication and involves file uploads, commands to check disk space (e.g., 'df -h' on the device if accessible) and network monitoring tools to detect large file transfers could be useful. However, no specific detection commands or signatures are publicly available. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No official mitigation or vendor guidance is available as the vendor did not respond to the disclosure. Immediate steps include monitoring and limiting file upload sizes if possible, restricting authenticated access to trusted users only, and considering replacing the affected Tomofun Furbo 360 device with an alternative product to avoid exploitation. Since the vulnerability leads to denial of service via resource exhaustion, preventing large file uploads or limiting resource usage is recommended. [2]