
Tomofun Furbo 360 and Furbo Mini CVE-2025-11650

LOW · 0.3 · CVSS 4.0 · NVD
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2025-10-12 · cna@vuldb.com

Severity by source

NVD PRIMARY
0.3 LOW
CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Physical
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 29, 2026 - 02:17 (vuln.today)

Description (CVE.org)

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

A weak password hash in Tomofun Furbo 360 and Furbo Mini firmware allows local attackers with low privileges to compromise password security, because the password handler uses an insecure hashing algorithm. The vulnerability affects Furbo 360 up to firmware version FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Publicly available exploit code exists, though real-world exploitation requires physical device access and high technical complexity.

Technical Context (AI)

The vulnerability resides in the password handler component that processes /etc/shadow file operations on these smart pet camera devices. The root cause is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), indicating the device firmware uses inadequate or obsolete hashing mechanisms to store or validate password credentials. The affected products are identified by CPE strings cpe:2.3:o:furbo:furbo_mini_firmware and cpe:2.3:o:furbo:furbo_360_dog_camera_firmware. This is a firmware-level cryptographic weakness rather than a network protocol or application-layer flaw, requiring direct device interaction or firmware analysis to exploit.
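As an added example (not part of the CVE record, vuln.today, or any vendor material), the following shows how a reviewer could classify the crypt(3) scheme of each entry in a shadow file taken from a firmware image and flag weak ones. The record does not state which algorithm the Furbo firmware uses; the sample lines are constructed placeholders and the weak/acceptable split is an assumed audit policy.

```python
# Added example: classify crypt(3) schemes in a shadow file by hash prefix.
# The weak/acceptable split is an assumed audit policy, not vendor data.
import re

# (pattern on the hash field, scheme name, treated as weak?)
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt", True),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", False),
    (re.compile(r"^\$5\$"), "sha256crypt", False),
    (re.compile(r"^\$6\$"), "sha512crypt", False),
    (re.compile(r"^\$y\$"), "yescrypt", False),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "bsdi-des", True),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "descrypt", True),
]

def classify(field):
    """Return (scheme, weak) for the second field of a shadow entry."""
    if field == "":
        return ("empty-password", True)
    # A leading '!' or '*' marks a locked account; a hash may follow '!'.
    stripped = field.lstrip("!*")
    if stripped == "":
        return ("locked", False)
    for pattern, name, weak in SCHEMES:
        if pattern.search(stripped):
            return (name, weak)
    return ("unknown", True)  # unrecognised scheme: flag for manual review

def audit_shadow(text):
    """Return a list of (user, scheme, weak) for each shadow entry."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # skip blank, comment and malformed lines
        findings.append((parts[0], *classify(parts[1])))
    return findings

# Constructed sample input; hash strings are placeholders, not device data.
SAMPLE = """\
root:$1$abcdefgh$0123456789abcdefghijkl:19000:0:99999:7:::
admin:aaBBccDDeeFF0:19000:0:99999:7:::
svc:$6$saltsalt$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, weak in audit_shadow(SAMPLE):
        print(f"{user:8} {scheme:14} {'WEAK' if weak else 'ok'}")
```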

Remediation (AI)

Upgrade Furbo 360 devices to a firmware version newer than FB0035_FW_036 and Furbo Mini devices to a firmware version newer than MC0020_FW_074. Check the Tomofun support website or the device settings for available firmware updates, as the vendor did not respond to early disclosure and no official advisory is available. As an interim compensating control, restrict physical access to the devices to trusted users only and disable remote administrative access features if supported. Consider disabling password-based authentication in favor of stronger credential mechanisms if the device firmware supports alternative authentication methods. Note that no additional workarounds are feasible because the weakness is embedded in the firmware's core password handling routine; a firmware update remains the only effective remediation.
