CVE-2025-11643HIGH 8.1EPSS p16.7%

CVE-2025-11643CVE-2025-11643

Description

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.26% probability of exploitation · percentile 16.7% · 2026-06-19T12:03:05Z
Published2025-10-12
Last modified2025-10-29

Underlying weaknesses· 2

CWE-259CWE-798

References

  1. https://vuldb.com/?ctiid.328054
  2. https://vuldb.com/?id.328054
  3. https://vuldb.com/?submit.661875
  4. https://vuldb.com/?submit.661875

2

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Passwordcwe-2590%live
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-11646
CVE
CVE-2025-11636
CVE
CVE-2026-49199
CVE
CVE-2026-7414
CVE
CVE-2025-3653
CVE
CVE-2025-52046
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.