Flocksafety Flock Safety vulnerabilities
4 known vulnerabilities affecting flocksafety/flock_safety.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-59403P2CRITICALCVSS 9.8v6.35.312025-10-02
CVE-2025-59403 [CRITICAL] CWE-749 CVE-2025-59403: The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Andro
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack,
nvd
CVE-2025-59407P3CRITICALCVSS 9.8v6.35.332025-10-02
CVE-2025-59407 [CRITICAL] CWE-321 CVE-2025-59407: The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.
nvd
CVE-2025-59405P3HIGHCVSS 7.5v7.38.32025-10-02
CVE-2025-59405 [HIGH] CWE-200 CVE-2025-59405: The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (insta
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secre
nvd
CVE-2025-59406P4MEDIUMCVSS 6.2v6.21.112025-10-02
CVE-2025-59406 [MEDIUM] CWE-319 CVE-2025-59406: The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on F
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without spec
nvd