CVE-2025-11649 | Tomofun Furbo 360/Furbo Mini Root Account hard-coded password

A vulnerability marked as critical has been reported in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password.

This vulnerability is cataloged as CVE-2025-11649. The attack must be initiated from a local position. Furthermore, there is an exploit available.

The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More