VYPR
Unrated severityNVD Advisory· Published Jan 3, 2026· Updated Jan 5, 2026

Petlibro Smart Pet Feeder Platform through 1.7.31 Authentication Bypass via API endpoint

CVE-2025-15115

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.