CVE-2025-15115

🗓️ 03 Jan 2026 23:33:02Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 7 Views🌐 WEB

CVE-2025-15115: Authentication bypass exposes Petlibro accounts via /member/auth/thirdLogin up to 1.7.31.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-15115	4 Jan 202602:54	–	circl
CNNVD	Petlibro Smart Pet Feeder Platform 安全漏洞	4 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-15115 Petlibro Smart Pet Feeder Platform through 1.7.31 Authentication Bypass via API endpoint	3 Jan 202623:33	–	cvelist
EUVD	EUVD-2026-0787	4 Jan 202600:30	–	euvd
NVD	CVE-2025-15115	4 Jan 202600:15	–	nvd
OSV	CVE-2025-15115	4 Jan 202600:15	–	osv
Positive Technologies	PT-2026-1152	3 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15115	5 Jan 202600:07	–	redhatcve
Vulnrichment	CVE-2025-15115 Petlibro Smart Pet Feeder Platform through 1.7.31 Authentication Bypass via API endpoint	3 Jan 202623:33	–	vulnrichment

NVD

Node

petlibro petlibroRange≤1.7.31-

[
  {
    "vendor": "Petlibrio",
    "product": "Smart Pet Feeder Platform",
    "versions": [
      {
        "status": "affected",
        "version": "Unknown",
        "lessThanOrEqual": "1.7.31",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
bobdahacker	www.bobdahacker.com/blog/petlibro
vulncheck	www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authentication-bypass-via-api-endpoint

Parameter	Position	Path	Description	CWE
googleId	request body	/member/auth/thirdLogin	Authentication bypass via OAuth token validation flaw in social login allowing unauthenticated access to user accounts.	CWE-862
phoneBrand	request body	/member/auth/thirdLogin	Authentication bypass via OAuth token validation flaw in social login allowing unauthenticated access to user accounts.	CWE-862

03 Feb 2026 17:46Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5 - 9.8

CVSS 46.9

EPSS0.00139

SSVC

CWE-862