CVE-2025-3653
Published 2026-01-04
Priority P3 59 · critical 9.8 · CVSS 3.1
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.22% (11.9th percentile)
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.
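The description above is the classic missing-ownership-check pattern: a device-control endpoint takes a serial number from the client and acts on it without confirming that the authenticated account owns that device. The block below is an added illustration, not Petlibro's code and not derived from the platform's real API; every serial number, account id, function name and the in-memory registry are constructed for the example. It shows the vulnerable handler shape next to a hardened one that resolves the serial to a device and requires ownership before any state changes, and it records denied requests so that one account being refused across many serials can be spotted.

```python
"""Added example: ownership check for a device-control API (hypothetical)."""
from dataclasses import dataclass, field
from typing import Dict, List


class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the named device."""


@dataclass
class Device:
    serial: str
    owner_id: str
    feed_schedule: List[str] = field(default_factory=list)
    manual_feeds: int = 0


# Constructed sample registry: hypothetical serials bound to hypothetical accounts.
DEVICES: Dict[str, Device] = {
    "PF-000111": Device("PF-000111", "user-alice", ["07:00", "19:00"]),
    "PF-000222": Device("PF-000222", "user-bob", ["08:00"]),
}

# Constructed audit trail: one entry per denied request, kept for detection.
AUDIT_LOG: List[dict] = []


def set_schedule_insecure(serial: str, new_schedule: List[str]) -> Device:
    """The shape the advisory describes: the handler trusts whatever serial
    the client supplies and never relates it to the calling account."""
    dev = DEVICES[serial]
    dev.feed_schedule = list(new_schedule)
    return dev


def get_owned_device(user_id: str, serial: str) -> Device:
    """Resolve a serial to a device and require that the authenticated
    account owns it. Unknown and not-owned serials fail identically so the
    endpoint does not confirm which serials exist."""
    dev = DEVICES.get(serial)
    if dev is None or dev.owner_id != user_id:
        AUDIT_LOG.append({"user": user_id, "serial": serial, "result": "denied"})
        raise Forbidden(f"{user_id} may not control device {serial}")
    return dev


def set_schedule(user_id: str, serial: str, new_schedule: List[str]) -> Device:
    """Hardened handler: ownership is established before any state changes."""
    dev = get_owned_device(user_id, serial)
    dev.feed_schedule = list(new_schedule)
    return dev


def trigger_manual_feed(user_id: str, serial: str) -> int:
    """Hardened handler for a manual feed; returns the updated feed count."""
    dev = get_owned_device(user_id, serial)
    dev.manual_feeds += 1
    return dev.manual_feeds


def denied_serials_per_user(log: List[dict]) -> Dict[str, int]:
    """Detection aid: number of distinct serials each account was denied on.
    A single account refused across many serials is the signal worth alerting
    on for this bug class."""
    seen: Dict[str, set] = {}
    for entry in log:
        if entry["result"] == "denied":
            seen.setdefault(entry["user"], set()).add(entry["serial"])
    return {user: len(serials) for user, serials in seen.items()}


if __name__ == "__main__":
    print(set_schedule("user-alice", "PF-000111", ["06:30"]).feed_schedule)
    try:
        set_schedule("user-bob", "PF-000111", ["00:00"])
    except Forbidden as exc:
        print("denied:", exc)
    print(denied_serials_per_user(AUDIT_LOG))
```

The ownership lookup is the only place the check lives, so every control endpoint (schedule, manual feed, camera, settings) goes through it rather than re-implementing the comparison; a deliberately identical failure for "no such serial" and "not your serial" keeps the endpoint from doubling as a serial-number oracle.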
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| petlibrio | smart_pet_feeder_platform | Unknown – 1.7.31 | — |
| petlibro | petlibro | <= 1.7.31 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-c4mg-vhq3-hwc2: Petlibro Smart Pet Feeder Platform versions up to 1
ghsa_unreviewed · 2026-01-04 · CVE-2025-3653 · MEDIUM · CWE-612
Red Hat
CVE-2025-22062 [MEDIUM] CWE-476 · vendor_redhat · 2025-04-16 · CVSS 5.5
kernel: sctp: add mutual exclusion in proc_sctp_do_udp_port()
In the Linux kernel, the following vulnerability has been resolved:
sctp: add mutual exclusion in proc_sctp_do_udp_port()
We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()
or risk a crash as syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653
Call Trace:
udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:1
No detection rules found.
No public exploits indexed.