CVE-2025-11639

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074

Description A security issue exists in Tomofun Furbo 360 and Furbo Mini related to insecure storage of sensitive information. The issue is associated with the collect logs.sh file within the Debug Log S3 Bucket Handler component and involves an unknown function. Exploitation requires local access.

Recommendations Update Tomofun Furbo 360 to a version later than FB0035 FW 036 Update Tomofun Furbo Mini to a version later than MC0020 FW 074

Exploit

Fix

Information Disclosure

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-922

Related Identifiers

CVE-2025-11639

Affected Products

Tomofun Furbo 360

Tomofun Furbo Mini

CVE-2025-11639

Weakness Enumeration

Related Identifiers

Affected Products

References · 9