What is CVE-2025-3646?

CVE-2025-3646 is a high-severity vulnerability in Petlibrio Smart Pet Feeder Platform, classified under Missing Authentication for Critical Function. CVSS score: 7.3/10. Published 2026-01-03.

How severe is CVE-2025-3646?

High severity. CVSS v3 base score is 7.3 out of 10.

Auth bypass in Petlibrio Smart Pet Feeder Platform

CVE-2025-3646

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send…

Vulnerability class: Broken Authentication

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Petlibrio Smart Pet Feeder Platform — versions Unknown

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

Security Research: Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks (third-party-advisory, technical-description)
VulnCheck Advisory: Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API (third-party-advisory)

Frequently asked questions

What is CVE-2025-3646?: CVE-2025-3646 is a high-severity vulnerability in Petlibrio Smart Pet Feeder Platform, classified under Missing Authentication for Critical Function. CVSS score: 7.3/10. Published 2026-01-03.
How severe is CVE-2025-3646?: High severity. CVSS v3 base score is 7.3 out of 10.