CVE-2025-15115 · CRITICAL 9.8 · EPSS p17.2%

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.26% probability of exploitation · percentile 17.2% · 2026-06-19T12:03:05Z
Published: 2026-01-04
Last modified: 2026-02-03

Underlying weaknesses · 1

CWE-862

References

  1. https://bobdahacker.com/blog/petlibro
  2. https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authentication-bypass-via-api-endpoint

Type: Weakness · Target: Missing Authorization (cwe-862) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-3660
  2. CVE-2025-3646
  3. CVE-2025-3653
  4. CVE-2025-3654
  5. CVE-2025-57119
  6. CVE-2025-54725

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.