CVE-2025-11639
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-29

Assigner: VulDB

Description
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2025-10-29
Generated
2026-06-16
AI Q&A
2025-10-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11639
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
furbo furbo_mini_firmware to 074 (inc)
furbo furbo_mini *
furbo furbo_360_dog_camera_firmware to 036 (inc)
furbo furbo_360_dog_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11639 is a vulnerability in Tomofun Furbo 360 and Furbo Mini devices affecting the collect_logs.sh script in the Debug Log S3 Bucket Handler. The script insecurely stores sensitive information, specifically exposing the 'x-amz-grant-full-control' header. An attacker with local access can retrieve this header, which grants permissions to upload arbitrary data to the device's Debug Log Amazon S3 bucket. This can lead to unauthorized data uploads, data pollution, or potentially compromise Furbo’s systems by uploading malicious files. Because device IDs are sequential, attackers might also affect other users' devices. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing a local attacker to access sensitive information and gain unauthorized permissions to upload arbitrary data to the Furbo Debug Log S3 bucket. This could result in data pollution or compromise of the Furbo system if malicious files are uploaded and executed. Additionally, due to sequential device IDs, attackers might target other users' devices, increasing the scope of the impact. [1, 2]

Detection Guidance

This vulnerability can be detected by accessing the device locally and inspecting the file collect_logs.sh located at /tmp/furbo_app/bin/. Specifically, you can read this script to check for the presence of the sensitive x-amz-grant-full-control header which is insecurely stored. For example, you can use the command: cat /tmp/furbo_app/bin/collect_logs.sh to view the contents and verify if the sensitive header is exposed. Detection requires local access to the device or extraction of the Furbo service files. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the affected devices to prevent unauthorized users from reading the collect_logs.sh script. Since no official fixes or patches are available and the vendor has not responded, it is recommended to replace the affected Furbo 360 devices running firmware up to FB0035_FW_036 and Furbo Mini devices running firmware up to MC0020_FW_074 with updated or unaffected models. Additionally, monitor for any unauthorized uploads to the Debug Log S3 bucket and consider isolating the devices from sensitive networks. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11639. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart