Vulnerability Description
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flocksafety | Bravo Compute Box Firmware | - |
Related Weaknesses (CWE)
References
- https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-s (Exploit, Third Party Advisory)
- https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root (Exploit, Third Party Advisory)
- https://www.flocksafety.com/products (Product)
- https://www.flocksafety.com/products/license-plate-readers (Product)
FAQ
What is CVE-2025-59402?
CVE-2025-59402 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash a...
How severe is CVE-2025-59402?
CVE-2025-59402 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-59402?
Check the references section above for vendor advisories and patch information. Affected products include: Flocksafety Bravo Compute Box Firmware.