CVE-2025-59407

Опубликовано: 02 окт. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.

Ссылки

https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wireless-rce-camera-feed-dos-information-disclosure-and-more/
Exploit
Third Party Advisory
https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
Exploit
Third Party Advisory
https://www.flocksafety.com/products
Product
https://www.flocksafety.com/products/license-plate-readers
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flocksafety:flock_safety:6.35.33:*:*:*:*:android:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-321

Связанные уязвимости

GHSA-pv25-m64m-8qhp