CVE-2025-11640
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | to 074 (inc) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | to 036 (inc) |
| furbo | furbo_360_dog_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-310 | Cryptographic Issues |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Tomofun Furbo 360 and Furbo Mini devices in their Bluetooth Low Energy component. It allows sensitive information to be transmitted in cleartext, meaning the data is not encrypted and can be intercepted by someone with access to the local network. Exploiting this vulnerability is highly complex and difficult.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information transmitted by the affected devices over Bluetooth Low Energy. An attacker with access to the local network could intercept this information due to the cleartext transmission. However, the attack is difficult to execute and requires local network access.