CVE-2025-11649
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | to 074 (inc) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | to 036 (inc) |
| furbo | furbo_360_dog_camera | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-255 | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Tomofun Furbo 360 and Furbo Mini devices within an unknown function of the Root Account Handler component. It involves the use of a hard-coded password, which can be exploited by an attacker with local access. The attack is complex and difficult to execute, but the exploit has been made public.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to complete compromise of confidentiality, integrity, and availability of the affected device. An attacker with local access could use the hard-coded password to gain unauthorized root-level access, potentially controlling the device and accessing sensitive information.