Unrated severityNVD Advisory· Published Jan 3, 2026· Updated Jan 5, 2026

Petlibro Smart Pet Feeder Platform through 1.7.31 Broken Access Control via API endpoint

CVE-2025-3660

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to retrieve sensitive information including pet details, member IDs, and avatar URLs without proper authorization checks.

Affected products

Petlibro/Smart Pet Feederllm-create
Range: <=1.7.31
Petlibrio/Smart Pet Feeder Platformv5
Range: Unknown

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bobdahacker.com/blog/petlibromitrethird-party-advisorytechnical-description
www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-broken-access-control-via-api-endpointmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000