CVE-2025-11646

6.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers on the same local network to bypass access controls in Tomofun Furbo pet cameras via the GATT Service, potentially accessing sensitive device information. It affects Furbo 360 and Furbo Mini devices with vulnerable firmware versions. The exploit is publicly available, increasing the risk for affected devices.

💻 Affected Systems

Products:
  • Tomofun Furbo 360
  • Tomofun Furbo Mini
Versions: Furbo 360 up to FB0035_FW_036, Furbo Mini up to MC0020_FW_074
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with affected firmware versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could access sensitive device data, potentially enabling further attacks or compromising pet monitoring functionality.

🟠 Likely Case: Unauthorized access to device information and potential disruption of normal camera operations.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: LOW - Attack requires local network access only.
🏢 Internal Only: HIGH - Attackers on the same local network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires local network access and knowledge of Bluetooth GATT service manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Check the vendor website for firmware updates if they become available.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate Furbo devices on a separate VLAN or network segment to limit the attack surface.

Disable Unnecessary Services (applies to: all)

If possible, disable Bluetooth/GATT services that are not required for operation.

🧯 If You Can't Patch

  • Segment Furbo devices on an isolated network away from other critical systems
  • Monitor for unusual Bluetooth/GATT service access patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in Furbo mobile app: Settings > Device Info > Firmware Version

Check Version:

No CLI command - use Furbo mobile app interface

Verify Fix Applied:

Verify firmware version is above FB0035_FW_036 for Furbo 360 or MC0020_FW_074 for Furbo Mini

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth connection attempts
  • Multiple failed GATT service access attempts

Network Indicators:

  • Unexpected Bluetooth traffic to Furbo devices
  • GATT service enumeration attempts

SIEM Query:

No standard SIEM query available - monitor for Bluetooth service enumeration patterns
