Refine your search
1 vulnerability found for Furbo Mobile App by Tomofun
CVE-2025-11645 (GCVE-0-2025-11645)
Vulnerability from cvelistv5
Published
2025-10-12 20:32
Modified
2025-10-18 21:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tomofun | Furbo Mobile App |
Version: 7.57.0a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:02:33.489954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:02:48.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Authentication Token Handler"
],
"product": "Furbo Mobile App",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "7.57.0a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calvin Star (Software Secured)"
},
{
"lang": "en",
"type": "finder",
"value": "Julian B (Software Secured)"
},
{
"lang": "en",
"type": "reporter",
"value": "jTag Labs (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "jTag Labs (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tomofun Furbo Mobile App up to 7.57.0a auf Android gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Authentication Token Handler. Durch Manipulieren mit unbekannten Daten kann eine insecure storage of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff auf das physische Ger\u00e4t ist m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T21:27:53.120Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328056 | Tomofun Furbo Mobile App Authentication Token sensitive information",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328056"
},
{
"name": "VDB-328056 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328056"
},
{
"name": "Submit #661899 | Tomofun Furbo Mobile Application \u2264 7.57.0a Insecure Storage of Sensitive Information",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-15T20:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2025-06-21T23:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2025-07-03T04:30:00.000Z",
"value": "Vendor acknowledged"
},
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-18T23:29:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tomofun Furbo Mobile App Authentication Token sensitive information"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11645",
"datePublished": "2025-10-12T20:32:05.707Z",
"dateReserved": "2025-10-11T18:32:59.727Z",
"dateUpdated": "2025-10-18T21:27:53.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}