PT-2025-40410 · Flock Safety · Flock Safety Android Collins

Gainsec · Published 2025-10-02 · Updated 2025-10-24 · CVE-2025-59403

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Flock Safety Android Collins application (aka com.flocksafety.android.collins) version 6.35.31

Description

The Flock Safety Android Collins application version 6.35.31 lacks authentication. It manages the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. These endpoints include /reboot, /logs, /crashpack, and /adb/enable. Exploitation of the /reboot endpoint can lead to denial of service (DoS). The /logs endpoint allows for information disclosure. The /adb/enable endpoint enables adb over TCP without debugging confirmation, potentially granting an attacker on the local area network (LAN) or wireless LAN (WLAN) shell access.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

DoS

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-59403

Affected Products

Flock Safety Android Collins