Vulnerability Description
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure.md
- https://vuldb.com/?ctiid.328056
- https://vuldb.com/?id.328056
- https://vuldb.com/?submit.661899
- https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure.md
FAQ
What is CVE-2025-11645?
CVE-2025-11645 is a vulnerability with a CVSS score of 2.4 (LOW). A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to i...
How severe is CVE-2025-11645?
CVE-2025-11645 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11645?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.