CVE-2025-11635
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-30

Assigner: VulDB

Description
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11635
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
furbo furbo_360_dog_camera_firmware to 036 (inc)
furbo furbo_360_dog_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11635 is a resource consumption vulnerability in the Tomofun Furbo 360 device (firmware up to FB0035_FW_036). It occurs in the File Upload component where an authenticated attacker can upload or force the device to download excessively large files without size restrictions. This causes the device to consume all available disk space, leading to a Denial of Service (DoS) condition that makes the device inoperable. [1, 2]

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) on the affected Tomofun Furbo 360 device. An attacker can remotely exploit the flaw to exhaust the device's storage resources, rendering it unavailable and inoperable. This affects the device's availability but does not compromise confidentiality or integrity. [1, 2]

Detection Guidance

This vulnerability involves resource consumption caused by uploading excessively large files to the Tomofun Furbo 360 device. Detection could involve monitoring the device's disk usage and network traffic for unusually large file uploads or spikes in resource consumption. Since the attack requires authentication and involves file uploads, commands to check disk space (e.g., 'df -h' on the device if accessible) and network monitoring tools to detect large file transfers could be useful. However, no specific detection commands or signatures are publicly available. [1, 2]

Mitigation Strategies

No official mitigation or vendor guidance is available as the vendor did not respond to the disclosure. Immediate steps include monitoring and limiting file upload sizes if possible, restricting authenticated access to trusted users only, and considering replacing the affected Tomofun Furbo 360 device with an alternative product to avoid exploitation. Since the vulnerability leads to denial of service via resource exhaustion, preventing large file uploads or limiting resource usage is recommended. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart