CVE-2025-11636 | THREATINT

Description

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

In Tomofun Furbo 360 up to FB0035_FW_036 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Funktion der Komponente Account Handler. Die Bearbeitung verursacht server-side request forgery. Ein Angriff ist aus der Distanz möglich. Das Durchführen eines Angriffs ist mit einer relativ hohen Komplexität verbunden. Sie gilt als schwierig auszunutzen.

PUBLISHED Reserved 2025-10-11 | Published 2025-10-12 | Updated 2025-10-12 | Assigner VulDB

MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

MEDIUM: 5.6CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X

MEDIUM: 5.6CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X

5.1AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND

Problem types

Server-Side Request Forgery

Product status

FB0035_FW_036

affected

Timeline

2025-10-11:	Advisory disclosed
2025-10-11:	VulDB entry created
2025-10-11:	VulDB entry last update

Credits

jTag Labs (VulDB User) reporter

References

vuldb.com/?id.328047 (VDB-328047 | Tomofun Furbo 360 Account server-side request forgery) vdb-entry

vuldb.com/?ctiid.328047 (VDB-328047 | CTI Indicators (IOB, IOC)) signature permissions-required

vuldb.com/?submit.661361 (Submit #661361 | Tomofun Furbo 360 ≤ FB0035_FW_036 Server Side Request Forgery) third-party-advisory

cve.org (CVE-2025-11636)

nvd.nist.gov (CVE-2025-11636)

Download JSON