CVE-2025-11640

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are highly complex. The exploitability is reported as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 3.1 LOW
CVSS v2.0 1.8 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.8^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 3.2 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?ctiid.328051	Permissions Required VDB Entry
https://vuldb.com/?id.328051	Third Party Advisory VDB Entry
https://vuldb.com/?submit.661374	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:furbo:furbo_mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furbo:furbo_mini:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furbo:furbo_360_dog_camera:*:*:*:*:*:*:*:*

History

29 Oct 2025, 13:53

Type	Values Removed	Values Added
First Time		Furbo Furbo furbo 360 Dog Camera Furbo furbo Mini Firmware Furbo furbo Mini Furbo furbo 360 Dog Camera Firmware
References	~~() https://vuldb.com/?ctiid.328051 -~~	() https://vuldb.com/?ctiid.328051 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.328051 -~~	() https://vuldb.com/?id.328051 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.661374 -~~	() https://vuldb.com/?submit.661374 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:o:furbo:furbo_mini_firmware:::::::: cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:::::::: cpe:2.3:h:furbo:furbo_360_dog_camera:::::::: cpe:2.3:h:furbo:furbo_mini:-:::::::*

12 Oct 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-12 18:15

Updated : 2025-10-29 13:53

NVD link : CVE-2025-11640

Mitre link : CVE-2025-11640

CVE.ORG link : CVE-2025-11640

JSON object : View

Products Affected

furbo

furbo_mini
furbo_mini_firmware
furbo_360_dog_camera
furbo_360_dog_camera_firmware

CWE

CWE-310

Cryptographic Issues

CWE-319

Cleartext Transmission of Sensitive Information

3.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.8 /10

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-11640

3.1^/10

1.8^/10

Attach tags to `CVE-2025-11640`