Denial of Service Vulnerability in Tomofun Furbo 360 and Furbo Mini
CVE-2025-11642

4.1MEDIUM

Key Information:

Vendor

Tomofun

Status
Furbo 360
Furbo Mini
Vendor
CVE Published:
12 October 2025

What is CVE-2025-11642?

A vulnerability in the registration handler of Tomofun's Furbo 360 and Furbo Mini devices allows an attacker to execute a denial of service attack directly on the physical device. This manipulation could disrupt normal operations, rendering the affected devices inoperative. The complexity of the attack is notably high, making successful exploitation less straightforward. Firmware versions affected include Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Despite efforts to inform the vendor of this disclosure, no response was received.

Affected Version(s)

Furbo 360

Furbo Mini

References

https://vuldb.com/?id.328053
vdb-entry
https://vuldb.com/?ctiid.328053
signaturepermissions-required
https://vuldb.com/?submit.661380
third-party-advisory

CVSS V4

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jTag Labs (VulDB User)
JSON
.
CVE-2025-11642 : Denial of Service Vulnerability in Tomofun Furbo 360 and Furbo Mini