CVE-2025-59403
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-11-24
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flocksafety | flock_safety | 6.35.31 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-749 | The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in version 6.35.31 of the Flock Safety Android Collins application, which manages camera feeds on certain devices. The app exposes administrative API endpoints on port 8080 without requiring authentication. These endpoints include actions such as rebooting the device, accessing logs, and enabling adb (Android Debug Bridge) over the network. Because there is no authentication, an attacker on the local network can use these endpoints to cause a denial of service, disclose sensitive information, or gain remote code execution by starting adb over TCP without any confirmation prompt, which effectively grants shell access.
How can this vulnerability impact me?
The vulnerability can lead to several impacts: denial of service by rebooting the device remotely, information disclosure through access to its logs, and remote code execution by enabling adb over TCP without user confirmation. This allows an attacker on the local network to gain shell access to the device, potentially compromising both the device and the data it holds.