Server-Side Request Forgery Vulnerability in Tomofun Furbo 360
CVE-2025-11636

6.3MEDIUM

Key Information:

Vendor

Tomofun

Status
Furbo 360
Vendor
CVE Published:
12 October 2025

What is CVE-2025-11636?

A security vulnerability in Tomofun Furbo 360 affects versions up to FB0035_FW_036, stemming from an improper processing issue in the Account Handler component. This flaw allows an attacker to perform server-side request forgery, potentially leading to unauthorized actions on the server. The attack can be executed remotely, increasing the risk of exploitation. The complexity of the attack is considered high, and as of now, Tomofun has not responded to the disclosure of this vulnerability.

Affected Version(s)

Furbo 360 FB0035_FW_036

References

https://vuldb.com/?id.328047
vdb-entry
https://vuldb.com/?ctiid.328047
signaturepermissions-required
https://vuldb.com/?submit.661361
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jTag Labs (VulDB User)
JSON
.
CVE-2025-11636 : Server-Side Request Forgery Vulnerability in Tomofun Furbo 360