CVE-2025-59407
📋 TL;DR
This CVE exposes a hardcoded Java Keystore password in Flock Safety's Android application, allowing attackers to extract the private key. This affects all users of Flock Safety's Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices running the vulnerable software version. The vulnerability enables potential remote code execution, device compromise, and data theft.
💻 Affected Systems
- Flock Safety Falcon License Plate Reader
- Flock Safety Sparrow License Plate Reader
- Flock Safety Bravo Edge AI Compute Device
📦 What is this software?
Flock Safety by Flocksafety
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to remote code execution, camera feed interception, license plate data theft, and potential lateral movement within the Flock Safety network infrastructure.
Likely Case
Extraction of private key leading to authentication bypass, unauthorized access to device data and feeds, and potential device manipulation.
If Mitigated
Limited impact if devices are isolated in secure networks with strict access controls and monitoring, though the hardcoded credential remains a persistent risk.
🎯 Exploit Status
Detailed technical analysis and proof-of-concept are publicly available in the referenced research papers. The hardcoded password makes exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
1. Contact Flock Safety for patching guidance.
2. Monitor vendor communications for security updates.
3. Apply any available firmware/application updates immediately when released.
🔧 Temporary Workarounds
Network Isolation
Isolate affected devices in separate network segments with strict firewall rules to limit attack surface.
Access Control Hardening
Implement strict network access controls and monitor all traffic to/from affected devices.
🧯 If You Can't Patch
- Immediately isolate affected devices from internet and critical internal networks
- Implement enhanced monitoring and alerting for any suspicious activity involving these devices
🔍 How to Verify
Check if Vulnerable:
Check the Android application version on the device. If the version is 6.35.33, the device is vulnerable. Alternatively, decompile the APK and search for the string 'flockhibiki17' in the code.
Check Version:
On Android device: Settings > Apps > Flock Safety > App info > Version
Verify Fix Applied:
Verify the application version has been updated to a version later than 6.35.33. Check that the keystore password is no longer hardcoded in the application code.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- Unexpected keystore access patterns
- Suspicious process execution on device
Network Indicators:
- Unexpected outbound connections from devices
- Traffic patterns suggesting data exfiltration
- Unauthorized access attempts to device management interfaces
SIEM Query:
source="flock_device" AND (event_type="authentication_failure" OR process="keystore_access" OR command="extract_private_key")
🔗 References
- https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wireless-rce-camera-feed-dos-information-disclosure-and-more/
- https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf
- https://www.flocksafety.com/products
- https://www.flocksafety.com/products/license-plate-readers