CVE-2025-11650
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11650
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
furbo furbo_mini_firmware to 074 (inc)
furbo furbo_mini *
furbo furbo_360_dog_camera_firmware to 036 (inc)
furbo furbo_360_dog_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Tomofun Furbo 360 and Furbo Mini devices, specifically an unknown function related to the /etc/shadow file in the Password Handler component. The vulnerability allows manipulation that can lead to the use of a weak hash for passwords. Exploiting this vulnerability requires physical access to the device and is considered difficult due to the high complexity involved. The affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.

Impact Analysis

The vulnerability can impact you by potentially weakening the security of password hashes stored on the device, which could allow an attacker with physical access to exploit weak password protections. However, the exploitability is difficult and requires high complexity, so the risk is relatively low. Still, if exploited, it could compromise password security on the affected devices.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart