CVE-2025-11646 · HIGH 8.1 · EPSS percentile 38.9%


Description

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.50% probability of exploitation · percentile 38.9% · scored 2026-06-19T12:03:05Z
Published: 2025-10-12
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-266, CWE-284

References

  1. https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md
  2. https://vuldb.com/?ctiid.328057
  3. https://vuldb.com/?id.328057
  4. https://vuldb.com/?submit.661900

Weakness mappings · 2

Type     | Target                                    | Confidence | Tier
Weakness | Incorrect Privilege Assignment (CWE-266)  | 0%         | live
Weakness | Improper Access Control (CWE-284)         | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-11643
  - CVE-2025-11636
  - CVE-2025-52046
  - CVE-2025-28036
  - CVE-2025-3646
  - CVE-2025-4462
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.