CVE-2025-11636 · HIGH 8.1 · EPSS p27.8%

Description

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. The issue affects unknown processing in the Account Handler component, and manipulating it leads to server-side request forgery. The attack can be executed remotely. It is characterized by high complexity, and exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 27.8% · 2026-06-18T12:00:27Z
Published: 2025-10-12
Last modified: 2025-10-30

Underlying weaknesses · 1

CWE-918

References

  1. https://vuldb.com/?ctiid.328047
  2. https://vuldb.com/?id.328047
  3. https://vuldb.com/?submit.661361

Type: Weakness · Target: Server-Side Request Forgery (SSRF), cwe-918 · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-11646
CVE-2025-11643
CVE-2025-28036
CVE-2025-8937
CVE-2025-4826
CVE-2026-5020

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.