CVE-2025-59404

7.5 HIGH

📋 TL;DR

The Flock Safety Bravo Edge AI Compute Device ships with an unlocked bootloader, allowing attackers with physical access to bypass Android Verified Boot and modify system partitions. This affects all devices running the BRAVO_00.00_local_20241017 firmware version. Physical access to the device is required for exploitation.

💻 Affected Systems

Products:
  • Flock Safety Bravo Edge AI Compute Device
Versions: BRAVO_00.00_local_20241017
Operating Systems: Android-based embedded OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with this firmware version are vulnerable out-of-the-box. Physical access to device required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing installation of persistent malware, data theft, device repurposing, and bypass of all security controls.

🟠 Likely Case

Unauthorized modification of device firmware to disable security features, alter functionality, or install backdoors.

🟢 If Mitigated

Limited impact if devices are physically secured and monitored for tampering.

🌐 Internet-Facing: LOW - Physical access required, no remote exploitation vector.
🏢 Internal Only: MEDIUM - Physical access needed, but devices in unsecured locations could be targeted.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed exploitation guide published. Requires physical access and basic technical skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact Flock Safety for firmware updates or replacement devices.

🔧 Temporary Workarounds

Physical Security Enhancement (applies to: all)

Secure devices in tamper-proof enclosures with surveillance to prevent physical access.

Device Monitoring (applies to: all)

Implement monitoring for device tampering indicators and unexpected reboots.

🧯 If You Can't Patch

  • Physically secure devices in locked, monitored locations with limited access
  • Implement device integrity monitoring and alert on unexpected behavior changes

🔍 How to Verify

Check if Vulnerable:

Check the firmware build string over adb or the serial console. BRAVO_00.00_local_20241017 is the affected build, but the underlying condition is the bootloader lock state, so treat any unit whose bootloader reports unlocked as exposed regardless of what build string it carries.

Check Version:

adb shell getprop ro.build.version.incremental

Verify Fix Applied:

Reboot the device into its bootloader (fastboot) and confirm it reports a locked state; an unlocked unit shows a 'Device State: unlocked' style banner and fastboot's unlocked variable reads yes. From Android, ro.boot.verifiedbootstate should read green on a fixed unit; orange means the bootloader is unlocked and Android Verified Boot is not enforcing. Relocking alone is not the fix: a locked bootloader only protects images that verify against the vendor's AVB key, and a unit that sat unlocked in the field may already carry modified partitions, so reflash a known-good vendor image before relocking and expect the lock operation to wipe userdata as it does on standard Android.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Bootloader access attempts
  • Firmware modification timestamps

Network Indicators:

  • Unusual network traffic patterns from device
  • Unexpected outbound connections

SIEM Query:

No vendor log schema is documented for this device, so the nearest equivalent is a fleet query over periodically collected device properties: alert on any unit whose verified-boot state is not green, whose bootloader reports unlocked, or whose build string changes or reboot count rises outside a scheduled maintenance window.
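The per-device checks from the How to Verify section and the fleet-level alerting described in this section, as an added example that is not Flock Safety's or the advisory's own tooling: a POSIX shell script that classifies a unit from three standard Android boot properties (ro.build.version.incremental, ro.boot.verifiedbootstate, ro.boot.flash.locked) and scans an inventory export for units needing attention. The property semantics are AOSP's; that this device's bootloader populates them, the CSV layout, the placeholder serials and the later build string in the sample are all assumptions. The affected build string is the one from the advisory.

```shell
#!/bin/sh
# Added example, not Flock Safety tooling. Classify a Bravo Edge unit from three
# standard Android boot properties and scan a fleet inventory for the same
# conditions. Property semantics are AOSP's (ro.boot.verifiedbootstate is
# green|yellow|orange|red, ro.boot.flash.locked is 1|0); that this device's
# bootloader populates them is an assumption. The build string is the
# advisory's affected version.

VULN_BUILD="BRAVO_00.00_local_20241017"

# assess INCREMENTAL VERIFIEDBOOTSTATE FLASH_LOCKED
# Prints one verdict line. Returns 0 = ok, 1 = vulnerable or tampered,
# 2 = inconclusive (property missing, e.g. bootloader does not report it).
assess() {
  incremental="$1"; vbstate="$2"; flash_locked="$3"
  reasons=""
  # The affected build ships unlocked, so it is exposed whatever else it reports.
  [ "$incremental" = "$VULN_BUILD" ] && reasons="$reasons affected-build"
  case "$vbstate" in
    green)      ;;                                          # locked, AVB enforcing
    orange)     reasons="$reasons bootloader-unlocked" ;;   # AVB not enforcing
    yellow|red) reasons="$reasons verity-$vbstate" ;;       # non-vendor key / failed verify
    *) echo "INCONCLUSIVE: verifiedbootstate='$vbstate'"; return 2 ;;
  esac
  [ "$flash_locked" = "0" ] && reasons="$reasons flash.locked=0"
  if [ -n "$reasons" ]; then
    echo "VULNERABLE:$reasons"
    return 1
  fi
  echo "OK: locked, build $incremental"
  return 0
}

# live_check: read the three properties from an attached unit over adb.
live_check() {
  command -v adb >/dev/null 2>&1 || { echo "adb not found"; return 2; }
  getp() { adb shell getprop "$1" | tr -d '\r'; }
  assess "$(getp ro.build.version.incremental)" \
         "$(getp ro.boot.verifiedbootstate)" \
         "$(getp ro.boot.flash.locked)"
}

# scan_inventory FILE
# FILE is CSV "serial,incremental,verifiedbootstate,flash_locked", one unit per
# line, '#' lines ignored (assumed export layout). Prints serial and verdict for
# every unit that is not OK; returns the count of such units (0 = clean).
scan_inventory() {
  bad=0
  while IFS=, read -r serial inc vb fl; do
    [ -z "$serial" ] && continue
    case "$serial" in "#"*) continue ;; esac
    verdict=$(assess "$inc" "$vb" "$fl") && continue
    echo "$serial $verdict"
    bad=$((bad + 1))
  done < "$1"
  return "$bad"
}

# Demo on a constructed inventory (placeholder serials; the 00.01 build is a
# hypothetical later release, not a known fixed version).
INV=$(mktemp)
cat > "$INV" <<'EOF'
# serial,incremental,verifiedbootstate,flash_locked
BRV-0001,BRAVO_00.00_local_20241017,orange,0
BRV-0002,BRAVO_00.00_local_20241017,green,1
BRV-0003,BRAVO_00.01_local_20250101,green,1
BRV-0004,BRAVO_00.01_local_20250101,yellow,1
BRV-0005,BRAVO_00.01_local_20250101,,1
EOF
scan_inventory "$INV" || echo "units needing attention: $?"
rm -f "$INV"
```

Run as-is to see the constructed inventory triaged (four of the five units are flagged: the two affected builds, the yellow verity state, and the unit with no reported verified-boot state). Against a real unit, source the file and call live_check with the device attached over adb; any non-zero return is a ticket, and an inconclusive result means the bootloader does not expose the property and the fastboot lock state has to be checked by hand.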

🔗 References