CVE-2025-11648

5.6 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Tomofun Furbo 360 and Furbo Mini pet cameras via their GATT Interface URL Handler. Attackers can potentially make the device's internal services send requests to arbitrary URLs, which could lead to information disclosure or further attacks. All users with affected firmware versions are vulnerable.

💻 Affected Systems

Products:
  • Tomofun Furbo 360
  • Tomofun Furbo Mini
Versions: Furbo 360 up to FB0035_FW_036, Furbo Mini up to MC0020_FW_074
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires Bluetooth Low Energy (BLE) proximity for initial access to the GATT interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could use the SSRF to access internal services, potentially retrieving sensitive data, scanning internal networks, or chaining with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Information disclosure from internal services, limited internal network scanning, or denial of service by exhausting device resources.

🟢 If Mitigated

With proper network segmentation and firewall rules, impact would be limited to the device itself with minimal data exposure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires BLE access to the device and manipulation of the TF_FQDN.json file via the GATT interface. The vendor did not respond to disclosure attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor unresponsive

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor Tomofun's official channels for firmware updates.

🔧 Temporary Workarounds

Disable Bluetooth when not needed (all)

  • Turn off Bluetooth on the Furbo device when not actively using BLE features to remove the initial attack vector
  • Use the Furbo mobile app settings to disable Bluetooth connectivity

Network segmentation (all)

  • Place Furbo devices on isolated network segments to limit SSRF impact

🧯 If You Can't Patch

  • Physically isolate Furbo devices from sensitive internal networks
  • Implement strict firewall rules blocking outbound requests from Furbo devices except to required services

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Furbo mobile app: Settings > Device Info > Firmware Version

Check Version:

No CLI command - use Furbo mobile app interface

Verify Fix Applied:

Verify that the firmware version is newer than FB0035_FW_036 (Furbo 360) or MC0020_FW_074 (Furbo Mini)

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Furbo device IPs
  • BLE connection attempts from unauthorized devices

Network Indicators:

  • HTTP requests from Furbo devices to unexpected internal/external endpoints
  • Unusual BLE traffic patterns

SIEM Query:

source_ip="Furbo_device_IP" AND (http_request OR destination_port=80 OR destination_port=443) NOT destination_ip="expected_services"
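A defender-side rendering of the SIEM query above, added here as an example and not taken from the advisory or the vendor: it scans constructed flow records for HTTP/HTTPS egress from assumed Furbo device addresses to destinations outside an assumed allowlist, and separates destinations on RFC 1918 or loopback ranges, where an SSRF pivot from the camera would land, from unknown external hosts. The device IPs, the allowlist and every flow record are constructed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample inventory: replace with the real Furbo addresses from DHCP/asset records.
FURBO_DEVICE_IPS = {"192.168.20.11", "192.168.20.12"}
# Assumed allowlist of the cloud endpoints the cameras are expected to reach (not from the advisory).
EXPECTED_SERVICES = {"203.0.113.10", "203.0.113.11"}
WEB_PORTS = {80, 443}
# Internal ranges where an SSRF pivot from the device would land.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def classify(flow: Flow):
    """Apply the advisory's SIEM logic: web egress from a Furbo device to a non-allowlisted destination."""
    if flow.src_ip not in FURBO_DEVICE_IPS:
        return None                      # not one of the cameras
    if flow.proto != "tcp" or flow.dst_port not in WEB_PORTS:
        return None                      # the query only covers HTTP/HTTPS
    if flow.dst_ip in EXPECTED_SERVICES:
        return None                      # normal vendor traffic
    return "ssrf_internal_pivot" if is_internal(flow.dst_ip) else "unexpected_egress"

def detect(flows):
    """Return every matching flow paired with its finding label, in input order."""
    return [(f, label) for f in flows if (label := classify(f)) is not None]

# Constructed flow records standing in for a firewall or NetFlow export.
SAMPLE_FLOWS = [
    Flow("192.168.20.11", "203.0.113.10", 443, "tcp"),  # routine cloud check-in
    Flow("192.168.20.11", "192.168.1.1", 80, "tcp"),     # camera reaching the router's web UI
    Flow("192.168.20.12", "198.51.100.7", 443, "tcp"),   # unknown external host
    Flow("192.168.20.12", "203.0.113.11", 53, "udp"),    # DNS, outside the query's scope
    Flow("192.168.20.50", "192.168.1.1", 80, "tcp"),     # some other host, not a Furbo
]

if __name__ == "__main__":
    for flow, label in detect(SAMPLE_FLOWS):
        print(f"{label}: {flow.src_ip} -> {flow.dst_ip}:{flow.dst_port}")
```

Tuning the allowlist is the whole job: a camera that legitimately reaches more vendor endpoints than those listed will otherwise generate steady "unexpected_egress" findings that hide the internal pivot case.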
