CRITICAL🇵🇱 Wersja polska

CVE-2025-59407

CVSS 9.8v3.1pub. 2025-10-02upd. 2025-10-24

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.

🤖 AI Analysis
How it works

The vulnerability consists of hardcoding the password to a Java Keystore file directly in the application code (CWE-321). Anyone who gains access to the application APK file can extract the flock_rye.bks file and read the hardcoded password flockhibiki17, then use them to open the keystore and obtain the private key contained within. This key is installed on Falcon and Sparrow license plate readers and Bravo Edge AI Compute devices.

Impact

An attacker who obtains the private key from the keystore can impersonate Flock Safety devices, conduct man-in-the-middle attacks, gain unauthorized access to encrypted device communication, or potentially execute remote commands (RCE) on vulnerable devices.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references. The manufacturer should remove the hardcoded password and keystore file from the application code, implement secure key management mechanisms, and replace the compromised private key with a new one.

Who is affected

Flock Safety DetectionProcessing application com.flocksafety.android.objects version 6.35.33 for Android, installed on Falcon and Sparrow license plate readers and Bravo Edge AI Compute devices.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Flocksafety Flock Safety

    APP
    Flocksafety
    6.35.33
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-59403CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w aplikacji Flock Safety Collins — RCE i DoS

CVE-2025-59405HIGH7.5ten sam produkt

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Fa...

CVE-2025-59406MEDIUM6.2ten sam produkt

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and ...

CVE-2025-59409HIGH7.5ten sam vendor

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials ...

CVE-2025-59404HIGH7.5ten sam vendor

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This ...