CVE-2025-11642 identifies a denial of service vulnerability in the Tomofun Furbo 360 and Furbo Mini pet cameras, specifically within an unspecified function of the Registration Handler component. The vulnerability allows an attacker with physical access to the device to manipulate it in a way that causes a denial of service, rendering the device inoperable or unresponsive. The attack complexity is high, indicating that exploitation requires specialized knowledge or conditions, and the exploitability is considered difficult. The vulnerability affects firmware versions Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. No authentication or user interaction is required to carry out the attack, but physical access is mandatory, limiting remote exploitation. The vendor was notified early but has not issued any response or patch, leaving devices vulnerable. The CVSS 4.0 base score is 4.1, reflecting medium severity due to the limited attack vector and impact scope. No known exploits have been reported in the wild, and the vulnerability does not affect confidentiality or integrity, only availability. This suggests the primary risk is service disruption, which could impact monitoring or pet care functions dependent on these devices.

For European organizations, the impact of this vulnerability is primarily on availability. Entities using Furbo 360 or Furbo Mini devices for pet monitoring or related IoT applications could experience device downtime if an attacker gains physical access and triggers the DoS condition. This could disrupt operational continuity in environments such as pet care facilities, veterinary clinics, or private homes where these devices are deployed. While the confidentiality and integrity of data are not compromised, loss of device functionality could lead to missed alerts or monitoring gaps. The requirement for physical access limits the risk to environments with weak physical security controls. However, in shared or public spaces, or where devices are accessible to visitors or maintenance personnel, the threat is more pronounced. The lack of vendor response and absence of patches increases the window of exposure. Organizations relying on these devices should consider the potential operational impact and evaluate physical security measures accordingly.

1. Restrict physical access to Furbo 360 and Furbo Mini devices by placing them in secure or monitored locations to prevent unauthorized manipulation. 2. Monitor device behavior regularly to detect signs of malfunction or denial of service conditions early. 3. Implement network segmentation to isolate IoT devices, limiting the impact of any device failure on broader systems. 4. Maintain an inventory of affected devices and firmware versions to identify and prioritize risk mitigation efforts. 5. Engage with the vendor or community forums for updates or unofficial patches, given the lack of official response. 6. Consider alternative devices with better security track records for critical monitoring functions. 7. Document incident response procedures specific to IoT device failures to ensure rapid recovery. 8. Educate staff and users about the importance of physical security for IoT devices and the potential risks of tampering.