CVE-2025-59404: n/a
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
AI Analysis
Technical Summary
CVE-2025-59404 is a high-severity vulnerability affecting the Flock Safety Bravo Edge AI Compute Device, specifically the BRAVO_00.00_local_20241017 version. The core issue stems from the device shipping with its bootloader unlocked. An unlocked bootloader allows an attacker to bypass Android Verified Boot (AVB), a security feature designed to ensure the integrity of the device's boot process by verifying the authenticity of the boot and system partitions before execution. By circumventing AVB, an attacker can directly modify critical partitions on the device, such as the system, boot, or recovery partitions. This modification capability can lead to the installation of persistent malicious code, rootkits, or other unauthorized firmware, compromising the device's integrity. The vulnerability does not require any privileges or user interaction to exploit (AV:N/AC:L/PR:N/UI:N), making it remotely exploitable over the network without authentication. The CVSS score of 7.5 reflects the high impact on integrity, though confidentiality and availability are not directly affected. The CWE-1274 classification indicates improper enforcement of boot integrity protections. Although no known exploits are currently reported in the wild, the unlocked bootloader presents a significant risk vector for attackers aiming to gain persistent control over the device or to manipulate its AI compute functions. The lack of available patches further exacerbates the risk, leaving affected devices vulnerable until a fix is released.
Potential Impact
For European organizations utilizing Flock Safety Bravo Edge AI Compute Devices, this vulnerability poses a substantial risk to operational integrity and security. These devices are likely used in security, surveillance, or AI-driven analytics contexts, where data integrity and trustworthiness of device outputs are critical. An attacker exploiting this vulnerability could implant malicious firmware or modify system partitions to alter device behavior, potentially leading to false data reporting, unauthorized surveillance, or disruption of AI computations. This could undermine security operations, lead to data manipulation, or facilitate further lateral movement within organizational networks. Given the device's role in edge computing, compromised units could serve as footholds for attackers to infiltrate broader IT or OT environments. The absence of required authentication and user interaction increases the likelihood of remote exploitation, raising concerns for organizations with these devices deployed in public or semi-public spaces. Additionally, the inability to verify boot integrity may violate compliance requirements related to device security and data protection under European regulations such as GDPR, especially if personal data is processed or stored.
Mitigation Recommendations
1. Immediate mitigation should include isolating affected devices from critical network segments to limit potential attack surfaces.
2. Organizations should monitor network traffic and device logs for unusual activity indicative of unauthorized partition modifications or boot anomalies.
3. Engage with Flock Safety to obtain official guidance, firmware updates, or patches addressing the unlocked bootloader issue; prioritize applying any forthcoming security updates.
4. Where possible, re-lock the bootloader manually following manufacturer instructions or through secure device management tools to restore AVB protections.
5. Implement network-level protections such as firewall rules and segmentation to restrict access to the devices, minimizing exposure to remote attackers.
6. Conduct regular integrity checks of device firmware and system partitions using cryptographic verification tools to detect unauthorized changes.
7. Develop incident response plans specific to edge AI device compromise scenarios, including rapid device quarantine and forensic analysis.
8. For future deployments, enforce procurement policies requiring devices with secure boot mechanisms properly enabled and verified before installation.
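Added example (not code from the advisory or from Flock Safety) supporting recommendations 4 and 6: a Python check that classifies a device's bootloader and Android Verified Boot state from `adb shell getprop` output and compares the reported vbmeta digest against a recorded baseline. The property names are standard Android boot properties; the getprop sample and the digest values are constructed.

```python
"""Defender-side AVB state check for Android-based edge devices.

Reads `adb shell getprop` output (captured separately) and reports whether the
bootloader is unlocked, i.e. the condition in which AVB can be bypassed and
partitions rewritten, as described for CVE-2025-59404.
"""
import re

# Constructed sample of `adb shell getprop` output (illustrative values only).
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.vbmeta.digest]: [CONSTRUCTED_DIGEST_0001]
[ro.build.version.release]: [12]
"""

# getprop prints one "[key]: [value]" pair per line.
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


def parse_getprop(text: str) -> dict:
    """Parse getprop output into a {property: value} dictionary."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def assess_avb(props: dict, baseline_digest: str = None):
    """Return (risk, findings) for the boot-integrity state.

    ro.boot.verifiedbootstate: green = locked, OEM key; yellow = locked, custom
    key; orange = unlocked, AVB not enforced; red = verification failed.
    """
    findings = []
    if props.get("ro.boot.flash.locked") == "0" or \
            props.get("ro.boot.vbmeta.device_state") == "unlocked":
        findings.append("bootloader unlocked: AVB bypassable, partitions writable")
    state = props.get("ro.boot.verifiedbootstate", "unknown")
    if state == "orange":
        findings.append("verifiedbootstate=orange: boot image not verified")
    elif state == "yellow":
        findings.append("verifiedbootstate=yellow: locked, but custom signing key")
    elif state == "red":
        findings.append("verifiedbootstate=red: AVB verification failed")
    elif state != "green":
        findings.append(f"verifiedbootstate={state}: cannot confirm AVB enforcement")
    digest = props.get("ro.boot.vbmeta.digest")
    if baseline_digest is not None and digest != baseline_digest:
        findings.append("vbmeta digest differs from baseline: partition set changed")
    return ("HIGH" if findings else "OK"), findings
```

Feed the script the output of `adb shell getprop` from each device and record the vbmeta digest of a known-good unit as the baseline; any HIGH result is a candidate for quarantine and forensic review under recommendation 7.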
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-15T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68d5da069e21be37e937d040
Added to database: 9/26/2025, 12:10:46 AM
Last enriched: 10/3/2025, 12:35:14 AM
Last updated: 11/10/2025, 5:38:10 AM