CVE-2025-3646
Unknown Unknown - Not Provided
Authorization Bypass in Petlibro Feeder Allows Unauthorized Device Access

Publication date: 2026-01-04

Last updated on: 2026-02-03

Assigner: VulnCheck

Description
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-04
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-01-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-3646
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
petlibro smart_pet_feeder_platform to 1.7.31 (inc)
petlibro petlibro to 1.7.31 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-3646 is an authorization bypass vulnerability in the Petlibro Smart Pet Feeder Platform (versions up to 1.7.31). Due to missing permission checks in the Device Share API, unauthorized users can add themselves as shared owners to any device. Attackers exploit this by sending crafted requests to the device share API, gaining unauthorized access to devices and viewing owner information without proper authorization. [1]

Impact Analysis

This vulnerability allows attackers to gain unauthorized access to Petlibro smart pet feeder devices, potentially exposing owner information and device control. This unauthorized access can lead to privacy breaches and misuse of the device, posing a medium severity risk. [1]

Detection Guidance

Detection involves monitoring for unauthorized requests to the device share API of the Petlibro Smart Pet Feeder Platform. Specifically, look for unusual API calls that attempt to add shared owners without proper authorization. Network traffic analysis tools can be used to capture and inspect such requests. However, no specific detection commands or signatures are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the device share API to trusted users only, implementing network-level controls such as firewalls to block unauthorized requests, and updating the Petlibro Smart Pet Feeder Platform to a version later than 1.7.31 once a patch is available. Since the vulnerability arises from missing permission checks, ensuring proper authentication and authorization mechanisms are enforced is critical. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-3646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart