CVE-2025-59403
CVE-2025-59403 is a critical-severity vulnerability in Flocksafety Flock Safety with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-749.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- EPSS exploit prediction: 1% (59th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-32616
- Weakness: CWE-749
- Affected product: Flocksafety Flock Safety
- Published:
- Last modified:
Description
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
Frequently asked questions
- What is CVE-2025-59403?
- The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
- How severe is CVE-2025-59403?
- CVE-2025-59403 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2025-59403 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (59th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-59403?
- CVE-2025-59403 affects Flocksafety Flock Safety. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-59403?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2025-59403 have an EU (EUVD) identifier?
- Yes. CVE-2025-59403 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-32616.
- When was CVE-2025-59403 published?
- CVE-2025-59403 was published on 2025-10-02 and last updated on 2026-06-17.
References
- https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wireless-rce-camera-feed-dos-information-disclosure-and-more/
- https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
- https://www.flocksafety.com/products
- https://www.flocksafety.com/products/license-plate-readers
Affected products (1)
- cpe:2.3:a:flocksafety:flock_safety:6.35.31:*:*:*:*:android:*:*
More vulnerabilities in Flocksafety Flock Safety
- CVE-2025-59407 — Critical (CVSS 9.8): The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on…
- CVE-2025-59405 — High (CVSS 7.5): The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and…
- CVE-2025-59406 — Medium (CVSS 6.2): The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow…
All CVEs affecting Flocksafety Flock Safety →
Other CWE-749 vulnerabilities
- CVE-2023-40151 — Critical (CVSS 10.0): When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK…
- CVE-2026-55454 — Critical (CVSS 9.9): Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy…
- CVE-2026-30957 — Critical (CVSS 9.9): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors…
- CVE-2026-30921 — Critical (CVSS 9.9): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors…
- CVE-2019-18342 — Critical (CVSS 9.9): A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default…
- CVE-2023-51583 — Critical (CVSS 9.8): Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability…