Improper Certificate Validation in Tomofun Furbo Devices
CVE-2025-11633

6.3 MEDIUM

Key Information:

Vendor: Tomofun
CVE Published: 12 October 2025

What is CVE-2025-11633?

A vulnerability in the HTTP Traffic Handler component of the Tomofun Furbo 360 and Furbo Mini devices results in improper validation of SSL/TLS certificates, potentially allowing attackers to execute remote operations. Exploitation requires advanced techniques, which makes an attack difficult to carry out. The affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Despite early contact attempts, the vendor has not responded regarding this disclosure, leaving users at risk.

Affected Version(s)

Furbo 360

Furbo Mini

References

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jTag Labs (VulDB User)