CVE-2025-11639
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | up to 074 (inclusive) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | up to 036 (inclusive) |
| furbo | furbo_360_dog_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11639 is a vulnerability in Tomofun Furbo 360 and Furbo Mini devices affecting the `collect_logs.sh` script in the Debug Log S3 Bucket Handler. The script insecurely stores sensitive information, specifically exposing the `x-amz-grant-full-control` header. An attacker with local access can retrieve this header, which grants permissions to upload arbitrary data to the device's Debug Log Amazon S3 bucket. This can lead to unauthorized data uploads, data pollution, or potentially compromise of Furbo's systems by uploading malicious files. Because device IDs are sequential, attackers might also affect other users' devices. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local attacker to access sensitive information and gain unauthorized permissions to upload arbitrary data to the Furbo Debug Log S3 bucket. This could result in data pollution or compromise of the Furbo system if malicious files are uploaded and executed. Additionally, due to sequential device IDs, attackers might target other users' devices, increasing the scope of the impact. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by accessing the device locally and inspecting the file `collect_logs.sh` located at `/tmp/furbo_app/bin/`. Specifically, you can read this script to check for the presence of the sensitive `x-amz-grant-full-control` header, which is insecurely stored. For example, you can use the command `cat /tmp/furbo_app/bin/collect_logs.sh` to view the contents and verify whether the sensitive header is exposed. Detection requires local access to the device or extraction of the Furbo service files. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local access to the affected devices to prevent unauthorized users from reading the `collect_logs.sh` script. Since no official fixes or patches are available and the vendor has not responded, it is recommended to replace affected Furbo 360 devices running firmware up to FB0035_FW_036 and Furbo Mini devices running firmware up to MC0020_FW_074 with updated or unaffected models. Additionally, monitor for any unauthorized uploads to the Debug Log S3 bucket and consider isolating the devices from sensitive networks. [2]