CVE-2025-11639 | Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information

A vulnerability, which was classified as problematic, has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information.

This vulnerability is traded as CVE-2025-11639. An attack has to be approached locally. There is no exploit available.

The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More