CVE-2025-11646
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11646
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
furbo furbo_mini_firmware to 074 (inc)
furbo furbo_mini *
furbo furbo_360_dog_camera_firmware to 036 (inc)
furbo furbo_360_dog_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Tomofun Furbo 360 and Furbo Mini devices, specifically in the GATT Service component. It allows improper access controls, meaning unauthorized users on the local network could potentially exploit the device. The attack requires local network access and the affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.

Impact Analysis

The vulnerability can lead to unauthorized access to the affected devices from within the local network. This could result in exposure of sensitive information or unauthorized control of the device, potentially compromising privacy and security.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Tomofun Furbo 360 and Furbo Mini devices are not running affected firmware versions (Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074). Restrict access to the local network where these devices operate, as the attack can only be performed from the local network. Monitor for any firmware updates from the vendor, although no response has been received yet. Consider isolating these devices on a separate network segment to limit exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart