PT-2025-41731 · Tomofun · Furbo Mini, Furbo 360
Calvin Star +2 · Published 2025-10-12 · Updated 2025-11-10
CVE-2025-11643
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tomofun Furbo 360 versions prior to FB0035 FW 036
Tomofun Furbo Mini versions prior to MC0020 FW 074
Description
A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves manipulation of the file /squashfs-root/furbo img within the MQTT Client Certificate component, leading to the exposure of hard-coded credentials. The attack can be initiated remotely; its complexity is considered high and exploitation is difficult.
Recommendations
Update Furbo 360 to a version later than FB0035 FW 036.
Update Furbo Mini to a version later than MC0020 FW 074.
Exploit
Fix
Using Hardcoded Credentials
Affected Products
Furbo 360
Furbo Mini