exploitDog

CVE-2025-3646

Опубликовано: 04 янв. 2026

Источник: nvd

CVSS3: 7.3

CVSS3: 8.2

EPSS Низкий

Описание

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.

Ссылки

https://bobdahacker.com/blog/petlibro
Product
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authorization-bypass-via-device-share-api
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*

Версия до 1.7.31 (включая)

EPSS

Процентиль: 18%

0.00056

Низкий

7.3 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-4v2m-wc8x-hcjv

CVSS3: 7.3

github

около 1 месяца назад

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.

EPSS

Процентиль: 18%

0.00056

Низкий

7.3 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-306