CVE-2025-3646

7.3 HIGH
Published: January 04, 2026 Modified: February 03, 2026
View on NVD

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://bobdahacker.com/blog/petlibro
Source: disclosure@vulncheck.com
Product
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authorization-bypass-via-device-share-api
Source: disclosure@vulncheck.com
Third Party Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.3 / 10.0
EPSS (Exploit Probability)
0.1%
16th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-306

Affected Vendors

petlibro

Related CVEs

CVE-2026-4597 6.3
CVE-2026-4368 N/A
CVE-2026-3055 N/A
CVE-2026-23882 N/A
CVE-2026-23488 N/A