CVE-2025-59402
BaseFortify
Publication date: 2025-09-25
Last updated on: 2025-10-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flocksafety | bravo_compute_box_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-616 | The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 has a vulnerability where it accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This allows attackers who have physical access to the device to flash arbitrary firmware, dump device partitions, and bypass bootloader and operating system security controls.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with physical access to the device to install unauthorized firmware, extract sensitive data from device partitions, and bypass security mechanisms of the bootloader and operating system. This can lead to device compromise, data theft, and potentially unauthorized control over the device.