CVE-2025-11647

CVSS v3.1

6.8

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074

Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the DeviceToken argument can lead to information disclosure. The attack is limited to the local network and requires a high degree of complexity, making exploitability difficult. The exploit has been published.

Recommendations Update Furbo 360 to a version later than FB0035 FW 036. Update Furbo Mini to a version later than MC0020 FW 074.

Exploit

Fix

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200

Related Identifiers

CVE-2025-11647

Affected Products

Furbo 360

Furbo Mini

CVE-2025-11647

Weakness Enumeration

Related Identifiers

Affected Products

References · 11