CVE-2025-3646

HIGH

Petlibro < 1.7.31 - Missing Authentication

Title source: rule

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.

References (2)

[Product] https://bobdahacker.com/blog/petlibro

[Third Party Advisory] https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authorization-bypass-via-device-share-api

Scores

CVSS v3 7.3

EPSS 0.0005

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-306

Status published

Affected Products (1)

petlibro/petlibro < 1.7.31

Timeline

Published Jan 04, 2026

Tracked Since Feb 18, 2026