CVE-2025-15115

MEDIUM

Petlibro < 1.7.31 - Unauthenticated Authentication Bypass via OAuth Token Validation Flaw


Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.

References (2)

Core References
https://bobdahacker.com/blog/petlibro (product, third-party-advisory, technical-description)

Scores

CVSS v3 6.5
EPSS 0.0026
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
petlibro/petlibro < 1.7.31
Published Jan 04, 2026
Tracked Since Feb 18, 2026