cbcvebase.
CVE-2025-3652
published 2026-01-04

CVE-2025-3652: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio…

PriorityP432medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.20%
9.8th percentile
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings.

Affected

7 ranges
VendorProductVersion rangeFixed in
msrcazl3_libreswan_4.15-1_on_azure_linux_3.0
msrcazl3_libreswan_4.7-7_on_azure_linux_3.0
msrccbl2_libreswan_4.14-2_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
petlibriosmart_pet_feeder_platformUnknown – 1.7.31
petlibropetlibro<= 1.7.31

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.