Login Sign Up

CVE-2025-59402

5.4 MEDIUM

📋 TL;DR

This vulnerability allows attackers with physical access to Flock Safety Bravo Edge AI Compute devices to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls. It affects Flock Safety Bravo Edge AI Compute devices using the Thundercomm TurboX 6490 platform. Physical access to the device is required for exploitation.

💻 Affected Systems

Products:
  • Flock Safety Bravo Edge AI Compute Device
Versions: BRAVO_00.00_local_20241017 and likely earlier versions
Operating Systems: Embedded Linux on Thundercomm TurboX 6490 platform
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default Firehose loader configuration for EDL/QDL mode.

📦 What is this software?

Bravo Compute Box Firmware by Flocksafety

View all CVEs affecting Bravo Compute Box Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing installation of malicious firmware, data exfiltration, persistent backdoors, and bypass of all security controls.

🟠

Likely Case

Physical attacker gains full control of the device to modify functionality, extract sensitive data, or disable security features.

🟢

If Mitigated

Limited impact if physical access controls prevent unauthorized handling of devices.

🌐 Internet-Facing: LOW - Requires physical access to exploit.
🏢 Internal Only: MEDIUM - Physical access within controlled environments could lead to device compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access and technical knowledge of EDL/QDL flashing procedures. No authentication bypass needed once physical access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

No official patch available. Contact Flock Safety for firmware updates or security guidance.

🔧 Temporary Workarounds

Disable EDL/QDL Mode

all

Configure device to disable Emergency Download Mode/Qualcomm Download Mode if supported by firmware.

NONE - Requires firmware configuration

Secure Physical Access

all

Implement physical security controls to prevent unauthorized handling of devices.

NONE - Physical security measures

🧯 If You Can't Patch

  • Implement strict physical access controls and monitoring for all deployed devices.
  • Consider device tamper detection mechanisms and regular integrity checks of firmware.

🔍 How to Verify

Check if Vulnerable:

Check if device accepts default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode by attempting to connect via Qualcomm tools.

Check Version:

Check device firmware version via manufacturer's management interface or console.

Verify Fix Applied:

Verify EDL/QDL mode requires authentication or is disabled in updated firmware.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Firmware version changes
  • EDL/QDL mode activation logs

Network Indicators:

  • Unusual device communication patterns after physical access

SIEM Query:

Search for device firmware modification events or unauthorized physical access alerts.

📊 Metadata

CVE ID: CVE-2025-59402
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
CWE: CWE-616
EPSS Score: 0.04% exploit probability (11.8th percentile)
Published: September 25, 2025
Last Updated: October 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-59402, you might also want to check these:

CVE-2025-67084 9.9

This vulnerability allows authenticated attackers to upload malicious PHP files as attachments in In...

Same vulnerability type (CWE-616)
CVE-2024-31601 9.8

This critical vulnerability in Panalog big data analysis platform allows unauthenticated attackers t...

Same vulnerability type (CWE-616)
CVE-2024-29858 9.8

This vulnerability in MISP (Malware Information Sharing Platform) allows attackers to upload malicio...

Same vulnerability type (CWE-616)