CVE-2025-3646
Authorization Bypass in Petlibro Feeder Allows Unauthorized Device Access
Publication date: 2026-01-04
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| petlibro | smart_pet_feeder_platform | to 1.7.31 (inc) |
| petlibro | petlibro | to 1.7.31 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-3646 is an authorization bypass vulnerability in the Petlibro Smart Pet Feeder Platform (versions up to 1.7.31). Due to missing permission checks in the Device Share API, unauthorized users can add themselves as shared owners to any device. Attackers exploit this by sending crafted requests to the device share API, gaining unauthorized access to devices and viewing owner information without proper authorization. [1]
How can this vulnerability impact me? :
This vulnerability allows attackers to gain unauthorized access to Petlibro smart pet feeder devices, potentially exposing owner information and device control. This unauthorized access can lead to privacy breaches and misuse of the device, posing a medium severity risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unauthorized requests to the device share API of the Petlibro Smart Pet Feeder Platform. Specifically, look for unusual API calls that attempt to add shared owners without proper authorization. Network traffic analysis tools can be used to capture and inspect such requests. However, no specific detection commands or signatures are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the device share API to trusted users only, implementing network-level controls such as firewalls to block unauthorized requests, and updating the Petlibro Smart Pet Feeder Platform to a version later than 1.7.31 once a patch is available. Since the vulnerability arises from missing permission checks, ensuring proper authentication and authorization mechanisms are enforced is critical. [1]