Cyber Resilience

CVE-2025-67264

HighPublic PoC

Published: 23 January 2026

Published
23 January 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 7.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67264 is a high-severity OS Command Injection (CWE-78) vulnerability in Doogee Note59 Pro\+ Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-67264 is an OS command injection vulnerability (CWE-78) in the com.sprd.engineermode component affecting Doogee Note59, Note59 Pro, and Note59 Pro+ smartphones. Published on 2026-01-23, the issue arises from incomplete patching of CVE-2025-31710 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It enables local attackers to execute arbitrary code and escalate privileges via the EngineerMode ADB shell.

A local attacker with low privileges (PR:L) can exploit the vulnerability with low attack complexity and no user interaction. Exploitation grants the ability to inject and execute arbitrary OS commands through the ADB shell, resulting in high impacts to confidentiality, integrity, and availability, including full privilege escalation on the affected device.

Mitigation details are available in vendor advisories at http://doogee.com and further technical analysis, including potential patches or workarounds, at https://github.com/Skorpion96/unisoc-su/blob/main/CVE-2025-67264.md.

EU & UK References

Vulnerability details

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection (CWE-78) directly enables arbitrary Unix shell command execution via ADB and local privilege escalation on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5208Shared CWE-78
CVE-2025-23383Shared CWE-78
CVE-2026-45255Shared CWE-78
CVE-2026-26318Shared CWE-78
CVE-2026-22277Shared CWE-78
CVE-2026-0596Shared CWE-78
CVE-2025-10589Shared CWE-78
CVE-2025-56108Shared CWE-78
CVE-2026-33641Shared CWE-78
CVE-2025-66209Shared CWE-78

Affected Assets

doogee
note59 pro\+ firmware
all versions
doogee
note59 pro firmware
all versions
doogee
note59 firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the incomplete patching of CVE-2025-31710 by requiring timely identification, prioritization, and remediation of system flaws.

prevent

Prevents OS command injection in the EngineerMode ADB shell by validating all information inputs for correctness, completeness, and context.

prevent

Limits the impact of privilege escalation from the command injection by employing explicit least privilege principles for the com.sprd.engineermode component.

References