CVE-2025-11642 – A denial-of-service vulnerability exists in Tom... (How to Fix)

Q: What is the severity of CVE-2025-11642?

CVE-2025-11642 has a CVSS score of 4.0 (MEDIUM). A denial-of-service vulnerability exists in Tomofun Furbo 360 and Furbo Mini pet cameras through their Registration Handler component. Physical access to the device is required for exploitation, making it primarily a risk for device owners or those with physical proximity. The vulnerability can render the camera unresponsive or non-functional.

📋 TL;DR

A denial-of-service vulnerability exists in Tomofun Furbo 360 and Furbo Mini pet cameras through their Registration Handler component. Physical access to the device is required for exploitation, making it primarily a risk for device owners or those with physical proximity. The vulnerability can render the camera unresponsive or non-functional.

💻 Affected Systems

Products:

Tomofun Furbo 360
Tomofun Furbo Mini

Versions: Furbo 360 up to FB0035_FW_036, Furbo Mini up to MC0020_FW_074

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable by default. Physical access to device is required for exploitation.

📦 What is this software?

Furbo 360 Dog Camera Firmware by Furbo

View all CVEs affecting Furbo 360 Dog Camera Firmware →

Furbo Mini Firmware by Furbo

View all CVEs affecting Furbo Mini Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Device becomes completely inoperable, requiring physical reset or replacement, disrupting pet monitoring capabilities.

🟠

Likely Case

Temporary service disruption requiring device reboot, causing monitoring gaps.

🟢

If Mitigated

Minimal impact with proper physical security preventing unauthorized access to devices.

🌐 Internet-Facing: LOW - Exploitation requires physical device access, not remote network access.

🏢 Internal Only: MEDIUM - Physical access to devices in homes or offices could lead to service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires physical device access and technical knowledge of the Registration Handler component. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Furbo 360: versions after FB0035_FW_036, Furbo Mini: versions after MC0020_FW_074

Vendor Advisory: No vendor advisory available - vendor did not respond to disclosure

Restart Required: No

Instructions:

1. Open Furbo mobile app. 2. Navigate to device settings. 3. Check for firmware updates. 4. Install any available updates. 5. Verify firmware version is above affected ranges.

🔧 Temporary Workarounds

Physical Security Controls

all

Restrict physical access to devices to prevent potential exploitation.

Network Segmentation

all

Isolate Furbo devices on separate network segments to limit potential attack surface.

🧯 If You Can't Patch

Implement strict physical access controls to prevent unauthorized device access
Monitor device availability and have procedures for manual reset if service disruption occurs

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Furbo mobile app: Settings > Device Info > Firmware Version

Check Version:

No CLI command - use Furbo mobile app: Settings > Device Info

Verify Fix Applied:

Confirm firmware version is above affected ranges: Furbo 360 > FB0035_FW_036, Furbo Mini > MC0020_FW_074

📡 Detection & Monitoring

Log Indicators:

Device registration failures
Unexpected device reboots
Service interruption alerts

Network Indicators:

Device going offline unexpectedly
Unusual physical access patterns to device location

SIEM Query:

No standard SIEM query - monitor for device offline alerts and physical access logs

📊 Metadata

CVE ID: CVE-2025-11642

CVSS v3 Score: 4.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-404

EPSS Score: 0.03% exploit probability (9.2th percentile)

Published: October 12, 2025

Last Updated: October 29, 2025

🔗 References

https://vuldb.com/?ctiid.328053 Permissions Required,VDB Entry
https://vuldb.com/?id.328053 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.661380 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11642, you might also want to check these: