{"id":75449,"date":"2026-01-04T03:03:04","date_gmt":"2026-01-03T23:33:04","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-3654-petlibro-smart-pet-feeder-platform-through-1-7-31-information-disclosure-via-api-endpoint\/"},"modified":"2026-01-04T03:03:04","modified_gmt":"2026-01-03T23:33:04","slug":"cve-2025-3654-petlibro-smart-pet-feeder-platform-through-1-7-31-information-disclosure-via-api-endpoint","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-3654-petlibro-smart-pet-feeder-platform-through-1-7-31-information-disclosure-via-api-endpoint\/","title":{"rendered":"CVE-2025-3654 &#8211; Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint"},"content":{"rendered":"<p>CVE ID : CVE-2025-3654<\/p>\n<p>Published :  Jan. 3, 2026, 11:33 p.m. | 53\u00a0minutes ago<\/p>\n<p>Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through \/device\/devicePetRelation\/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.<\/p>\n<p>Severity: 6.9 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-3654 Published : Jan. 3, 2026, 11:33 p.m. | 53\u00a0minutes ago Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through \/device\/devicePetRelation\/getBoundDevices using &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-75449","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/75449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=75449"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/75449\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=75449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=75449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=75449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}