CVE-2025-59404

Description

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weakness Type (CWE)

CWE-1274 CWE-1274

Affected Products

Vendor	Product	Versions
flocksafety	bravo_compute_box_firmware	All

References

Exploits

https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/ https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf

Other References

https://www.flocksafety.com/products https://www.flocksafety.com/products/license-plate-readers

Frequently Asked Questions

What is CVE-2025-59404? +

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions. It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2025-59404? +

CVE-2025-59404 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-59404? +

CVE-2025-59404 affects products from flocksafety, specifically: bravo_compute_box_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-59404? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-36345

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform …

CVE-2023-31345 7.5

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code …

CVE-2025-4043 6.8

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a …

CVE-2025-59694 6.8

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a …

CVE-2025-59403 9.8

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed …

CVE-2025-59407 9.8

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge …