CVE-2025-11649

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074

Description A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves an unknown function within the Root Account Handler component, which, when manipulated, exposes a hard-coded password. An attacker with local access can exploit this flaw, potentially gaining unauthorized control over the device. The exploit has been made public. The complexity of the attack is considered high, and exploitability is described as difficult.

Recommendations For Tomofun Furbo 360 versions prior to FB0035 FW 036, update the firmware to version FB0035 FW 036 or later. For Tomofun Furbo Mini versions prior to MC0020 FW 074, update the firmware to version MC0020 FW 074 or later.