Bravo Compute Box Firmware CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-59404	2 Flock Safety, Flocksafety	2 Bravo Edge Ai Compute Device, Bravo Compute Box Firmware	2025-10-23	7.5 High
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
CVE-2025-59408	2 Flock Safety, Flocksafety	2 Bravo Edge Ai Compute Device, Bravo Compute Box Firmware	2025-10-23	7.3 High
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
CVE-2025-59402	2 Flock Safety, Flocksafety	2 Bravo Edge Ai Compute Device, Bravo Compute Box Firmware	2025-10-23	5.4 Medium
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.

Page 1 of 1.