CVE-2025-11650

12.10.2025, 23:15

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	1.8 LOW	PHYSICAL	HIGH	LOW	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
VulDB	CNA	1.8 LOW				CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md

https://vuldb.com/?ctiid.328061

https://vuldb.com/?id.328061

https://vuldb.com/?submit.662771