CVE-2025-47820 is a vulnerability identified in Flock Safety Gunshot Detection devices, specifically affecting versions prior to 1.3. The issue is categorized under CWE-312, which pertains to the cleartext storage of sensitive information. In this case, the devices store sensitive code data in an unencrypted, cleartext format. This practice exposes the sensitive information to potential unauthorized access if an attacker gains physical or logical access to the device's storage. The vulnerability does not require user interaction, authentication, or network access with low attack complexity, but the attack vector is physical (AV:P), meaning an attacker must have physical access to the device to exploit the vulnerability. The CVSS v3.1 base score is 2.0, indicating a low severity level, primarily due to the limited attack vector and low impact on confidentiality (only partial confidentiality loss), with no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability could allow an attacker with physical access to extract sensitive code information, potentially aiding further attacks or reverse engineering of the device's functionality.

For European organizations deploying Flock Safety Gunshot Detection devices, this vulnerability presents a limited but tangible risk. The primary impact is the potential exposure of sensitive code stored on the device, which could lead to intellectual property theft or facilitate more sophisticated attacks if combined with other vulnerabilities. However, since exploitation requires physical access to the device, the risk is mainly relevant in scenarios where devices are deployed in unsecured or publicly accessible locations. The confidentiality impact is low, and there is no direct threat to the integrity or availability of the detection system. Nonetheless, organizations relying on these devices for critical security monitoring might face reduced trust in the device's security posture. Additionally, exposure of sensitive code could aid attackers in developing bypass techniques or counterfeit devices, indirectly impacting security operations. European entities involved in law enforcement, public safety, or private security using these devices should be aware of this vulnerability and consider it in their risk assessments.

To mitigate this vulnerability, European organizations should prioritize upgrading all Flock Safety Gunshot Detection devices to version 1.3 or later, where this issue is resolved. Until patches are available, physical security controls must be enhanced to prevent unauthorized access to the devices, including secure mounting, tamper-evident seals, and surveillance of device locations. Regular physical inspections should be conducted to detect any signs of tampering. Additionally, organizations should implement strict access control policies limiting who can handle or maintain these devices. If possible, encrypting the storage medium or employing hardware security modules could be considered as compensating controls. Monitoring for unusual device behavior or unauthorized access attempts can also help detect exploitation attempts. Finally, organizations should engage with the vendor to obtain timely updates and security advisories related to these devices.