The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-319 | |
Metrics |
cvssV3_1
|
Thu, 02 Oct 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | |
References |
|
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-02T19:46:27.571Z
Reserved: 2025-09-15T00:00:00.000Z
Link: CVE-2025-59406

Updated: 2025-10-02T19:46:21.268Z

Status : Awaiting Analysis
Published: 2025-10-02T17:16:06.880
Modified: 2025-10-02T20:15:34.083
Link: CVE-2025-59406

No data.

No data.