CVE-2025-59405
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-24
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flocksafety | flock_safety | 7.38.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Flock Safety Peripheral Android application version 7.38.3 containing a DataDog API key in cleartext within its codebase. Since the application binaries can be easily decompiled or inspected, attackers can extract this OAuth secret without needing special privileges. The secret is meant to be confidential and should not be embedded directly in client-side software.
How can this vulnerability impact me? :
An attacker who recovers the exposed OAuth secret could potentially misuse the DataDog API key, leading to unauthorized access to monitoring or logging data, manipulation of application telemetry, or other malicious activities depending on the API key's permissions. This could compromise the security and integrity of the affected systems.