CVE-2025-59405

High CVSS: 7.5

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Vendor

Flocksafety

Product

Flock Safety

CWE

CWE-200

Yayın Tarihi

2025-10-02 17:16:06

Güncelleme

2025-10-24 17:27:51

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-200 Flock Safety HIGH Flocksafety 2025

Referanslar

https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wireless-rce-camera-feed-dos-information-disclosure-and-more/ https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf https://www.flocksafety.com/products https://www.flocksafety.com/products/license-plate-readers

Benzer Kayıtlar

High

CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck…

Critical

CVE-2025-59407

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falco…

Medium

CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow Li…

Critical

CVE-2025-59403

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authenticat…

High

CVE-2025-59404

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits by…

High

CVE-2025-59408

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an att…