Vulnerability Description
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flocksafety | Flock Safety | 6.35.31 |
Related Weaknesses (CWE)
References
- https://gainsec.com/2025/09/27/fly-by-device-2-the-falcon-sparrow-gated-wirelessExploitThird Party Advisory
- https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-RootExploitThird Party Advisory
- https://www.flocksafety.com/productsProduct
- https://www.flocksafety.com/products/license-plate-readersProduct
FAQ
What is CVE-2025-59403?
CVE-2025-59403 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices...
How severe is CVE-2025-59403?
CVE-2025-59403 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-59403?
Check the references section above for vendor advisories and patch information. Affected products include: Flocksafety Flock Safety.