CVE-2025-3652

🗓️ 03 Jan 2026 23:33:03Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 16 Views🌐 WEB

CVE-2025-3652 allows unauthorized access to private audio on Petlibro feeder up to v1.7.31 via audio endpoint use.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-3652	4 Jan 202602:34	–	circl
CNNVD	Petlibro Smart Pet Feeder Platform 安全漏洞	4 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-3652 Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint	3 Jan 202623:33	–	cvelist
EUVD	EUVD-2026-0789	4 Jan 202600:30	–	euvd
NVD	CVE-2025-3652	4 Jan 202600:15	–	nvd
OSV	CVE-2025-3652	4 Jan 202600:15	–	osv
Positive Technologies	PT-2026-1180	3 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-3652	5 Jan 202600:07	–	redhatcve
Vulnrichment	CVE-2025-3652 Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint	3 Jan 202623:33	–	vulnrichment

NVD

Node

petlibro petlibroRange≤1.7.31-

[
  {
    "vendor": "Petlibrio",
    "product": "Smart Pet Feeder Platform",
    "versions": [
      {
        "status": "affected",
        "version": "Unknown",
        "lessThanOrEqual": "1.7.31",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-audio-information-disclosure-via-api-endpoint
bobdahacker	www.bobdahacker.com/blog/petlibro

Parameter	Position	Path	Description	CWE
audioId	request body	device/deviceAudio/use	Endpoint allows assigning private audio recordings to arbitrary devices by providing arbitrary audio IDs, enabling unauthorized access to private recordings.	CWE-288
deviceId	request body	device/deviceAudio/use	Endpoint allows assigning private audio recordings to arbitrary devices by providing arbitrary audio IDs, enabling unauthorized access to private recordings.	CWE-288

17 Jun 2026 09:20Current

6Medium risk

Vulners AI Score6

CVSS 3.15.3

CVSS 46.9

EPSS0.00199

SSVC

CWE-288