CVE-2025-59402

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/ Exploit Third Party Advisory
https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf Exploit Third Party Advisory
https://www.flocksafety.com/products Product
https://www.flocksafety.com/products/license-plate-readers Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:flocksafety:bravo_compute_box_firmware:-:*:*:*:*:*:*:*
History

23 Oct 2025, 18:07

Type Values Removed Values Added
CPE cpe:2.3:a:flocksafety:bravo_compute_box_firmware:-:*:*:*:*:*:*:*
References () https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/ - () https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box/ - Exploit, Third Party Advisory
References () https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf - () https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf - Exploit, Third Party Advisory
References () https://www.flocksafety.com/products - () https://www.flocksafety.com/products - Product
References () https://www.flocksafety.com/products/license-plate-readers - () https://www.flocksafety.com/products/license-plate-readers - Product
First Time Flocksafety
Flocksafety bravo Compute Box Firmware

26 Sep 2025, 21:15

Type Values Removed Values Added
CWE CWE-616
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4

25 Sep 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-25 21:15

Updated : 2025-10-23 18:07

NVD link : CVE-2025-59402

Mitre link : CVE-2025-59402

CVE.ORG link : CVE-2025-59402

JSON object : View

Products Affected

flocksafety

  • bravo_compute_box_firmware
CWE
CWE-616

Incomplete Identification of Uploaded File Variables (PHP)