CVE-2025-11645
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tomofun | furbo_mobile_app | 7.57.0a |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tomofun Furbo Mobile App up to version 7.57.0a on Android, specifically in the Authentication Token Handler component. It allows an attacker with physical access to the device to manipulate the app, leading to insecure storage of sensitive information. The vulnerability has been publicly disclosed and may be exploited.
How can this vulnerability impact me? :
The vulnerability can lead to sensitive information being stored insecurely on the device, which an attacker with physical access could exploit. This could result in unauthorized access to sensitive data, potentially compromising user privacy or security.