CVE-2025-67264: Command Injection

Published Jan 23, 2026
·
Updated

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710

Affected Software

9 affected components
Doogee Note59
Doogee Note59 Pro
Doogee Note59 Pro+
All of the following
Doogee Note59 Pro\+ Firmware
Doogee Note59 Pro\+
All of the following
Doogee Note59 Pro Firmware
Doogee Note59 Pro
All of the following
Doogee Note59 Firmware
Doogee Note59

Event History

Jan 23, 2026
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·08:15 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-67264?

CVE-2025-67264 has a high severity rating, allowing local attackers to execute arbitrary code and escalate privileges.

2

How do I fix CVE-2025-67264?

To mitigate CVE-2025-67264, ensure that the latest firmware updates are applied to the Doogee Note59, Note59 Pro, and Note59 Pro+.

3

What devices are affected by CVE-2025-67264?

CVE-2025-67264 affects Doogee Note59, Note59 Pro, and Note59 Pro+ models.

4

Can CVE-2025-67264 be exploited remotely?

No, exploitation of CVE-2025-67264 requires local access to the device.

5

What causes CVE-2025-67264 vulnerability?

CVE-2025-67264 is caused by incomplete patching of the previous vulnerability CVE-2025-31710 in the EngineerMode ADB shell.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203