Denial of Service Vulnerability in Tomofun Furbo Devices
CVE-2025-11638

5.3MEDIUM

Key Information:

Vendor

Tomofun

Status
Furbo 360
Furbo Mini
Vendor
CVE Published:
12 October 2025

What is CVE-2025-11638?

A vulnerability has been identified in the Tomofun Furbo 360 and Furbo Mini, specifically related to the Bluetooth Handler component. This issue allows an attacker with local network access to execute manipulation techniques that can result in a denial of service. Firmware versions prior to FB0035_FW_036 for Furbo 360 and MC0020_FW_074 for Furbo Mini are affected. The vendor has been informed of this security concern, but has yet to respond.

Affected Version(s)

Furbo 360

Furbo Mini

References

https://vuldb.com/?id.328049
vdb-entry
https://vuldb.com/?ctiid.328049
signaturepermissions-required
https://vuldb.com/?submit.661363
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jTag Labs (VulDB User)
JSON
.
CVE-2025-11638 : Denial of Service Vulnerability in Tomofun Furbo Devices