CVE-2025-15115
📋 TL;DR
This authentication bypass vulnerability in Petlibro Smart Pet Feeder Platform allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws. Attackers can send specially crafted requests to the social login endpoint to obtain full session tokens without proper verification. All users of affected Petlibro smart pet feeder platforms are impacted.
💻 Affected Systems
- Petlibro Smart Pet Feeder Platform
📦 What is this software?
Petlibro by Petlibro
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of all user accounts, allowing them to manipulate pet feeding schedules, access personal information, and potentially compromise other connected smart home devices.
Likely Case
Attackers access random user accounts to disrupt feeding schedules, view personal data, and potentially use compromised accounts for further attacks.
If Mitigated
With proper network segmentation and monitoring, impact is limited to unauthorized access to the pet feeder platform only.
🎯 Exploit Status
Exploitation requires sending HTTP requests to the vulnerable endpoint with crafted parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.32 or later
Vendor Advisory: https://bobdahacker.com/blog/petlibro
Restart Required: Yes
Instructions:
1. Check current version.
2. Update to version 1.7.32 or later.
3. Restart the pet feeder platform service.
4. Verify the fix by testing authentication.
🔧 Temporary Workarounds
Disable Social Login
Temporarily disable social login functionality to prevent exploitation via the vulnerable endpoint.
Modify configuration to disable third-party authentication
Network Access Control
Restrict access to the vulnerable endpoint using firewall rules or a web application firewall.
Block access to /member/auth/thirdLogin endpoint
🧯 If You Can't Patch
- Isolate the pet feeder platform on a separate network segment
- Implement strict monitoring for authentication bypass attempts
🔍 How to Verify
Check if Vulnerable:
Send a test request to /member/auth/thirdLogin with arbitrary Google ID and phoneBrand parameters and check if authentication succeeds without proper OAuth verification.
Check Version:
Check platform version in admin interface or configuration files
Verify Fix Applied:
Attempt the same exploit after patching; requests with invalid OAuth tokens should be rejected.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful login via /member/auth/thirdLogin
- Requests to the thirdLogin endpoint with unusual parameters
Network Indicators:
- Unusual traffic patterns to authentication endpoints
- Requests containing arbitrary Google IDs
SIEM Query:
source_ip=* AND uri_path="/member/auth/thirdLogin" AND (google_id=* OR phoneBrand=*)
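As an added example (not part of the advisory or of any Petlibro code), the two log indicators above turned into a small detector that runs over access-log lines. The combined-style log layout, the sample lines and the query-parameter names google_id and phoneBrand are assumptions; adapt the regex and names to the platform's real logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/member/auth/thirdLogin"
WATCHED_PARAMS = {"google_id", "phoneBrand"}   # parameter names assumed from the SIEM query
FAIL_THRESHOLD = 3                             # constructed: failures before a success is flagged
# Constructed combined-style access-log layout: ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Constructed sample lines: three failed logins, then a 2xx from the social-login
# endpoint from the same source, plus benign device traffic from another host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /member/auth/login HTTP/1.1" 401 12
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /member/auth/login HTTP/1.1" 401 12
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "POST /member/auth/login HTTP/1.1" 401 12
203.0.113.7 - - [10/Jan/2025:10:00:05 +0000] "POST /member/auth/thirdLogin?google_id=1&phoneBrand=x HTTP/1.1" 200 310
198.51.100.4 - - [10/Jan/2025:10:01:00 +0000] "GET /device/status HTTP/1.1" 200 88
"""

def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"], rec["params"] = url.path, set(parse_qs(url.query))
    rec["status"] = int(rec["status"])
    return rec

def find_suspicious(lines):
    """Flag thirdLogin requests carrying the watched parameters, and thirdLogin
    successes preceded by repeated auth failures from the same source IP."""
    failures = defaultdict(int)   # failed /member/auth/* attempts per source IP
    findings = []                 # (rule, ip, timestamp) tuples
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith("/member/auth/") and rec["status"] in (401, 403):
            failures[rec["ip"]] += 1
        elif rec["path"] == ENDPOINT:
            if rec["params"] & WATCHED_PARAMS:
                findings.append(("thirdLogin-with-watched-params", rec["ip"], rec["ts"]))
            # A 2xx on the social-login endpoint also resets the failure counter.
            if 200 <= rec["status"] < 300 and failures.pop(rec["ip"], 0) >= FAIL_THRESHOLD:
                findings.append(("thirdLogin-success-after-failures", rec["ip"], rec["ts"]))
    return findings
```

Running find_suspicious(SAMPLE_LOG.splitlines()) yields both rules firing for 203.0.113.7 on the thirdLogin request; tune FAIL_THRESHOLD and add a time window before using it against production logs.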