Information Disclosure Vulnerability in Tomofun Furbo 360 and Furbo Mini
CVE-2025-11634

2.4LOW

Key Information:

Vendor

Tomofun

Status
Furbo 360
Furbo Mini
Vendor
CVE Published:
12 October 2025

What is CVE-2025-11634?

A security flaw has been identified in the UART interface of Tomofun's Furbo 360 and Furbo Mini devices, potentially leading to unauthorized information disclosure. Physical attacks on the devices could exploit this vulnerability. Affected firmware versions include Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Despite early communication about the issue, the vendor has not provided any response.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Furbo 360

Furbo Mini

References

https://vuldb.com/?id.328045
vdb-entrytechnical-description
https://vuldb.com/?ctiid.328045
signaturepermissions-required
https://vuldb.com/?submit.661353
third-party-advisory

CVSS V4

Score:
2.4
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jTag Labs (VulDB User)
JSON
.