CVE-2025-11650: Use of Weak Hash in Tomofun Furbo 360
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-11650 identifies a security weakness in the Tomofun Furbo 360 and Furbo Mini pet cameras, specifically within the password handling mechanism that involves the /etc/shadow file. The vulnerability arises from the use of a weak cryptographic hash function to protect password data, which could potentially allow an attacker with physical access to the device to manipulate or extract password hashes. The weakness is embedded in the firmware versions up to FB0035_FW_036 for Furbo 360 and MC0020_FW_074 for Furbo Mini. Exploiting this vulnerability requires a high level of technical skill and physical access to the device, which significantly limits the attack surface. The vendor was notified but has not issued any patches or acknowledgments. The CVSS 4.0 vector indicates the attack vector is physical (AV:P), with high attack complexity (AC:H), no privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality (VC:L), with no impact on integrity or availability. No known exploits are currently in the wild, but public disclosure means attackers could attempt to develop exploits. The vulnerability primarily affects the confidentiality of stored password hashes, potentially allowing offline cracking attempts if the weak hash is obtained.
Potential Impact
For European organizations, the impact of this vulnerability is generally low due to the requirement for physical access and the high complexity of exploitation. However, organizations that deploy Tomofun Furbo 360 or Furbo Mini devices in sensitive environments—such as offices, care facilities, or homes of vulnerable individuals—may face risks if attackers gain physical access to these devices. The weak hash usage could allow attackers to recover passwords or credentials stored on the device, potentially leading to unauthorized access or further compromise if those credentials are reused elsewhere. Given the lack of vendor response and patches, affected devices remain vulnerable. The risk is heightened in environments where physical security is weak or where these devices are used in conjunction with other critical systems. Nevertheless, the overall threat to confidentiality, integrity, and availability of broader IT infrastructure is minimal, as the vulnerability is localized to the device and does not allow remote exploitation.
Mitigation Recommendations
European organizations using Tomofun Furbo 360 or Furbo Mini devices should implement strict physical security controls to prevent unauthorized access to the devices. This includes placing devices in secure locations and monitoring physical access. Since no patches are available, organizations should consider discontinuing use of affected firmware versions and avoid deploying these devices in sensitive or high-risk environments until a vendor update is released. Additionally, organizations should audit and change any passwords or credentials associated with these devices to prevent reuse risks. Network segmentation can limit potential lateral movement if the device is compromised. Monitoring for unusual device behavior or unauthorized physical access attempts is recommended. Finally, organizations should engage with the vendor for updates and consider alternative products with stronger security postures if possible.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
CVE-2025-11650: Use of Weak Hash in Tomofun Furbo 360
Description
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Technical Analysis
CVE-2025-11650 identifies a security weakness in the Tomofun Furbo 360 and Furbo Mini pet cameras, specifically within the password handling mechanism that involves the /etc/shadow file. The vulnerability arises from the use of a weak cryptographic hash function to protect password data, which could potentially allow an attacker with physical access to the device to manipulate or extract password hashes. The weakness is embedded in the firmware versions up to FB0035_FW_036 for Furbo 360 and MC0020_FW_074 for Furbo Mini. Exploiting this vulnerability requires a high level of technical skill and physical access to the device, which significantly limits the attack surface. The vendor was notified but has not issued any patches or acknowledgments. The CVSS 4.0 vector indicates the attack vector is physical (AV:P), with high attack complexity (AC:H), no privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality (VC:L), with no impact on integrity or availability. No known exploits are currently in the wild, but public disclosure means attackers could attempt to develop exploits. The vulnerability primarily affects the confidentiality of stored password hashes, potentially allowing offline cracking attempts if the weak hash is obtained.
Potential Impact
For European organizations, the impact of this vulnerability is generally low due to the requirement for physical access and the high complexity of exploitation. However, organizations that deploy Tomofun Furbo 360 or Furbo Mini devices in sensitive environments—such as offices, care facilities, or homes of vulnerable individuals—may face risks if attackers gain physical access to these devices. The weak hash usage could allow attackers to recover passwords or credentials stored on the device, potentially leading to unauthorized access or further compromise if those credentials are reused elsewhere. Given the lack of vendor response and patches, affected devices remain vulnerable. The risk is heightened in environments where physical security is weak or where these devices are used in conjunction with other critical systems. Nevertheless, the overall threat to confidentiality, integrity, and availability of broader IT infrastructure is minimal, as the vulnerability is localized to the device and does not allow remote exploitation.
Mitigation Recommendations
European organizations using Tomofun Furbo 360 or Furbo Mini devices should implement strict physical security controls to prevent unauthorized access to the devices. This includes placing devices in secure locations and monitoring physical access. Since no patches are available, organizations should consider discontinuing use of affected firmware versions and avoid deploying these devices in sensitive or high-risk environments until a vendor update is released. Additionally, organizations should audit and change any passwords or credentials associated with these devices to prevent reuse risks. Network segmentation can limit potential lateral movement if the device is compromised. Monitoring for unusual device behavior or unauthorized physical access attempts is recommended. Finally, organizations should engage with the vendor for updates and consider alternative products with stronger security postures if possible.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-10-11T18:33:15.986Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68ec3621b99bb870f150ee90
Added to database: 10/12/2025, 11:13:37 PM
Last enriched: 10/27/2025, 1:26:03 AM
Last updated: 12/3/2025, 1:45:16 AM
Views: 94
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-55181: Excessive Iteration (CWE-834) in Facebook proxygen
MediumCVE-2025-64778: CWE-798 Use of Hard-coded Credentials in Mirion Medical EC2 Software NMIS BioDose
HighCVE-2025-64642: CWE-732 Incorrect Permission Assignment for Critical Resource in Mirion Medical EC2 Software NMIS BioDose
HighCVE-2025-64298: CWE-732 Incorrect Permission Assignment for Critical Resource in Mirion Medical EC2 Software NMIS BioDose
HighCVE-2025-62575: CWE-732 Incorrect Permission Assignment for Critical Resource in Mirion Medical EC2 Software NMIS BioDose
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.