CVE-2025-11638
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-30

Assigner: VulDB

Description
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the Bluetooth Handler component. Manipulating it can lead to denial of service. The attacker needs to be present on the local network. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-10-12
Last Modified: 2025-10-30
Generated: 2026-05-06
AI Q&A: 2025-10-12
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs
Vendor | Product | Version / Range
furbo | furbo_mini_firmware | to 074 (inc)
furbo | furbo_mini | *
furbo | furbo_360_dog_camera_firmware | to 036 (inc)
furbo | furbo_360_dog_camera | *
CWE
CWE ID | Description
CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-11638 is a denial of service (DoS) vulnerability in Tomofun Furbo 360 and Furbo Mini devices. It affects an unknown function within the Bluetooth Handler component. An attacker on the local network or within Bluetooth range can exploit this flaw to cause the device to disconnect from its Wi-Fi network and become offline until manually rebooted. The vulnerability is due to improper resource handling (CWE-404) and does not require authentication to exploit. [1, 2]


How can this vulnerability impact me?

This vulnerability can disrupt the normal operation of Furbo 360 and Furbo Mini devices by causing them to disconnect from Wi-Fi and go offline until manually rebooted. Since these devices are often used as security monitoring tools, exploitation can render them non-functional, preventing them from performing their intended monitoring and security roles, thus posing a significant security risk. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve monitoring for unexpected disconnections of Furbo 360 or Furbo Mini devices from the Wi-Fi network, especially if they require manual reboot to restore connectivity. Since the attack exploits Bluetooth, scanning for unusual Bluetooth activity or connections to the Furbo devices may help. However, no specific detection commands or public exploits are currently available. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include monitoring the affected Furbo devices for signs of denial of service, such as unexpected Wi-Fi disconnections, and manually rebooting the device if it becomes unresponsive. Since no patches or countermeasures are published, consider replacing affected devices with alternatives to avoid the risk. Limiting Bluetooth access to trusted devices and reducing Bluetooth range may also help reduce exposure. [1, 2]

