CVE-2025-59403

CRITICAL

Flock Safety Android Collins 6.35.31 - RCE & DoS via Exposed API

Title source: llm

Description

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.

References (4)

Core 4

Core References

Exploit, Third Party Advisory

https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wireless-rce-camera-feed-dos-information-disclosure-and-more/

Exploit, Third Party Advisory

https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf

Product

https://www.flocksafety.com/products

Product

https://www.flocksafety.com/products/license-plate-readers

Scores

CVSS v3 9.8

EPSS 0.0102

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-749

Status published

Products (1)

flocksafety/flock_safety 6.35.31

Published Oct 02, 2025

Tracked Since Feb 18, 2026