CVE-2025-11637
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-30

Assigner: VulDB

Description
A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11637
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
furbo furbo_360_dog_camera_firmware to 036 (inc)
furbo furbo_360_dog_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Tomofun Furbo 360 device's audio handler component. An attacker with access to a victim's account can exploit it by sending multiple 'treat toss' commands simultaneously. This causes the device's audio system to malfunction, preventing it from playing any further audio until it is rebooted. [1]

Impact Analysis

The impact of this vulnerability is that an attacker can remotely disrupt the audio functionality of the Tomofun Furbo 360 device. This results in the device being unable to play audio until it is rebooted, which could affect user experience and device usability. [1]

Detection Guidance

This vulnerability can be detected by monitoring for concurrent or repeated 'treat toss' commands issued to the Tomofun Furbo 360 device. Detection could involve checking logs or network traffic for multiple simultaneous 'treat toss' commands from the same or different accounts. Specific commands are not provided, but network monitoring tools or device logs should be inspected for such concurrent command patterns. [1]

Mitigation Strategies

Immediate mitigation steps include preventing multiple concurrent 'treat toss' commands from being issued to the device, limiting access to trusted users only, and rebooting the device if the audio system becomes unresponsive. Since the vendor has not responded or provided a patch, restricting remote access and monitoring command usage are recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11637. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart