CVE-2025-47820
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-10-24
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flocksafety | gunshot_detection_firmware | to 1.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Flock Safety Gunshot Detection devices before version 1.3 involves cleartext storage of code on the device. This means that some code is stored without encryption, potentially exposing it if someone gains physical access to the device. Exploiting this requires physical access and knowledge of device debugging. Despite this, the devices store data transiently and securely in the cloud, and the vulnerability is considered low severity and low likelihood of exploitation. [1]
How can this vulnerability impact me? :
This vulnerability could allow an attacker with physical access to the device to access stored code in cleartext, which might reveal sensitive implementation details. However, attackers cannot retrieve footage or audio data since it is transiently stored and primarily secured in the cloud. The overall impact is low severity and low likelihood of exploitation, limiting potential harm. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires physical access to the Flock Safety Gunshot Detection device and knowledge of device debugging to exploit. Detection involves checking for the presence of debug interfaces enabled on the device and verifying if code is stored in cleartext on the device. Since the vulnerability does not affect network transmission (which is encrypted via TLS) or cloud storage, network-based detection commands are not applicable. Physical inspection and device-level debugging tools would be necessary to detect this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to the devices to prevent exploitation, as the vulnerability requires physical access. Additionally, ensure that devices are updated with the latest firmware once Over the Air (OTA) updates are available, which will address these issues. Monitoring for updates from Flock Safety and applying improved factory settings for new devices starting Q2 2025 is also recommended. [1]