CVE-2025-67264 – A local OS command injection vulnerability in t... (How to Fix)

Q: What is the severity of CVE-2025-67264?

CVE-2025-67264 has a CVSS score of 7.8 (HIGH). A local OS command injection vulnerability in the com.sprd.engineermode component on Doogee Note59 series devices allows attackers with ADB shell access to execute arbitrary commands and escalate privileges. This affects Doogee Note59, Note59 Pro, and Note59 Pro+ smartphones. The vulnerability results from incomplete patching of a previous vulnerability (CVE-2025-31710).

📋 TL;DR

A local OS command injection vulnerability in the com.sprd.engineermode component on Doogee Note59 series devices allows attackers with ADB shell access to execute arbitrary commands and escalate privileges. This affects Doogee Note59, Note59 Pro, and Note59 Pro+ smartphones. The vulnerability results from incomplete patching of a previous vulnerability (CVE-2025-31710).

💻 Affected Systems

Products:

Doogee Note59
Doogee Note59 Pro
Doogee Note59 Pro+

Versions: All versions with vulnerable com.sprd.engineermode component

Operating Systems: Android (Doogee custom ROM)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires ADB debugging to be enabled and local access to device. EngineerMode component is part of Doogee's custom Android implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and device control.

🟠

Likely Case

Local privilege escalation from limited user to root/system privileges, enabling unauthorized access to sensitive data and system functions.

🟢

If Mitigated

Limited impact if ADB debugging is disabled and physical access is restricted.

🌐 Internet-Facing: LOW - Requires local access or ADB connection, not directly exploitable over network.

🏢 Internal Only: HIGH - Local attackers with ADB access can achieve full device compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires ADB shell access. Public proof-of-concept available on GitHub. Similar to previously patched CVE-2025-31710.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://doogee.com

Restart Required: Yes

Instructions:

1. Check Doogee website for security updates. 2. Install any available firmware updates. 3. If no patch available, apply workarounds.

🔧 Temporary Workarounds

Disable ADB Debugging

android

Prevents local attackers from accessing ADB shell required for exploitation

Settings > Developer Options > USB Debugging (toggle OFF)

Disable EngineerMode Component

android

Remove or disable the vulnerable com.sprd.engineermode component

adb shell pm disable-user --user 0 com.sprd.engineermode

🧯 If You Can't Patch

Disable USB debugging in developer options
Restrict physical access to devices
Monitor for suspicious ADB connections

🔍 How to Verify

Check if Vulnerable:

Check if com.sprd.engineermode component is present and EngineerMode ADB shell is accessible

Check Version:

adb shell getprop ro.build.display.id

Verify Fix Applied:

Verify com.sprd.engineermode component is removed/disabled or ADB debugging is disabled

📡 Detection & Monitoring

Log Indicators:

ADB shell access attempts
EngineerMode component execution
Privilege escalation attempts

Network Indicators:

ADB over network connections
Unexpected USB debugging sessions

SIEM Query:

source="android_logs" AND ("EngineerMode" OR "com.sprd.engineermode" OR "ADB shell")

📊 Metadata

CVE ID: CVE-2025-67264

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.06% exploit probability (19.7th percentile)

Published: January 23, 2026

Last Updated: February 11, 2026

🔗 References

http://doogee.com Product
https://github.com/Skorpion96/unisoc-su/blob/main/CVE-2025-67264.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-67264, you might also want to check these: