CVE-2025-11637
CVE-2025-11637 is a medium-severity vulnerability in Furbo Furbo 360 Dog Camera Firmware with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-362.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- CVSS v2: 4.0
- CVSS v4: 5.3
- EPSS exploit prediction: 0% (20th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-33901
- Weakness: CWE-362
- Affected product: Furbo Furbo 360 Dog Camera Firmware
- Published:
- Last modified:
Description
A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Frequently asked questions
- What is CVE-2025-11637?
- A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
- How severe is CVE-2025-11637?
- CVE-2025-11637 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2025-11637 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (20th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-11637?
- CVE-2025-11637 affects Furbo Furbo 360 Dog Camera Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-11637?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-11637 have an EU (EUVD) identifier?
- Yes. CVE-2025-11637 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-33901.
- When was CVE-2025-11637 published?
- CVE-2025-11637 was published on 2025-10-12 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Furbo Furbo 360 Dog Camera Firmware
- CVE-2025-11649 — High (CVSS 7.0): A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the…
- CVE-2025-11646 — Medium (CVSS 6.3): A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the…
- CVE-2025-11648 — Medium (CVSS 5.6): A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file…
- CVE-2025-11636 — Medium (CVSS 5.6): A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown…
- CVE-2025-11638 — Medium (CVSS 4.3): A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component…
- CVE-2025-11635 — Medium (CVSS 4.3): A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the…
All CVEs affecting Furbo Furbo 360 Dog Camera Firmware →
Other CWE-362 (Race Condition) vulnerabilities
- CVE-2022-27626 — Critical (CVSS 10.0): A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition')…
- CVE-2015-8556 — Critical (CVSS 10.0): Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
- CVE-2014-0703 — Critical (CVSS 10.0): Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition…
- CVE-2010-1228 — Critical (CVSS 10.0): Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and…
- CVE-2008-6598 — Critical (CVSS 10.0): Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
- CVE-2026-46137 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential…