CVE-2025-11636

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions up to FB0035 FW 036

Description A server-side request forgery issue exists in the Account Handler component of Tomofun Furbo 360. The issue involves some unknown processing within this component, allowing for remote execution of the attack. The complexity of the attack is high, and exploitability is considered difficult. The vendor was contacted regarding this issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.