CVE-2025-59403

| EUVD-2025-32616 CRITICAL
2025-10-02 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 13, 2026 - 19:12 vuln.today
EUVD ID Assigned
Mar 13, 2026 - 19:12 euvd
EUVD-2025-32616
PoC Detected
Nov 24, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Oct 02, 2025 - 17:16 nvd
CRITICAL 9.8

Tags

Denial Of Service RCE Information Disclosure Flock Safety Android

Description

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.

Analysis

Missing authentication in Flock Safety Collins Android app for ANPR cameras. EPSS 2.7%. PoC available.

Technical Context

CWE-749. License plate recognition system without authentication.

Affected Products

['Flock Safety Collins 6.35.31']

Remediation

Update app.

Priority Score

72
Low Medium High Critical
KEV: 0
EPSS: +2.7
CVSS: +49
POC: +20

Share

CVE-2025-59403 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy