CVE-2025-11638

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 4.3 MEDIUM
CVSS v2.0 3.3 LOW

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://vuldb.com/?ctiid.328049	Permissions Required VDB Entry
https://vuldb.com/?id.328049	Third Party Advisory VDB Entry
https://vuldb.com/?submit.661363	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:furbo:furbo_mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furbo:furbo_mini:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furbo:furbo_360_dog_camera:*:*:*:*:*:*:*:*

History

30 Oct 2025, 19:23

Type	Values Removed	Values Added
CPE		cpe:2.3:h:furbo:furbo_360_dog_camera:::::::: cpe:2.3:h:furbo:furbo_mini:-:::::::* cpe:2.3:o:furbo:furbo_mini_firmware:::::::: cpe:2.3:o:furbo:furbo_360_dog_camera_firmware::::::::
First Time		Furbo furbo Mini Firmware Furbo furbo 360 Dog Camera Furbo Furbo furbo Mini Furbo furbo 360 Dog Camera Firmware
References	~~() https://vuldb.com/?ctiid.328049 -~~	() https://vuldb.com/?ctiid.328049 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.328049 -~~	() https://vuldb.com/?id.328049 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.661363 -~~	() https://vuldb.com/?submit.661363 - Third Party Advisory, VDB Entry

Information

Published : 2025-10-12 17:15

Updated : 2025-10-30 19:23

NVD link : CVE-2025-11638

Mitre link : CVE-2025-11638

CVE.ORG link : CVE-2025-11638

JSON object : View

Products Affected

furbo

furbo_360_dog_camera_firmware
furbo_mini_firmware
furbo_mini
furbo_360_dog_camera

CWE

CWE-404

Improper Resource Shutdown or Release

4.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-11638

4.3^/10

3.3^/10

Attach tags to `CVE-2025-11638`