CVE-2025-67264 is an OS command injection vulnerability classified under CWE-78, affecting the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ smartphones. This flaw allows a local attacker with limited privileges to execute arbitrary OS commands through the EngineerMode ADB shell interface. The vulnerability stems from incomplete remediation of a previous vulnerability (CVE-2025-31710), indicating that the patch did not fully address the underlying injection vectors. The EngineerMode ADB shell is a diagnostic interface typically used by developers or service personnel, but if accessible, it can be exploited to escalate privileges and gain full control over the device. The CVSS v3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. Although exploitation requires local access, the ability to escalate privileges makes this vulnerability particularly dangerous, as it can lead to full device compromise. No public exploits or patches are currently available, increasing the risk window. The vulnerability affects all versions of the specified devices, but exact firmware versions are not detailed. Due to the nature of the flaw, attackers could leverage this vulnerability to install persistent malware, exfiltrate sensitive data, or disrupt device operations.

For European organizations, the impact of CVE-2025-67264 can be significant, especially for those relying on Doogee Note59 series devices for business communications or field operations. Successful exploitation could lead to unauthorized access to sensitive corporate data stored or accessed via these devices, compromising confidentiality. Integrity of data and device configurations can be altered, potentially enabling further lateral movement within corporate networks. Availability may also be affected if attackers disrupt device functionality or deploy ransomware-like payloads. Sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitivity of their data and operations. The requirement for local access limits remote exploitation but does not eliminate risk, as insider threats or physical device theft could facilitate attacks. The lack of available patches increases exposure time, necessitating immediate mitigation measures. Additionally, compromised devices could serve as entry points for broader attacks against organizational networks.

1. Restrict physical and local access to Doogee Note59 series devices, especially in sensitive environments. 2. Disable or restrict access to the EngineerMode ADB shell interface where possible, either via device settings or custom firmware configurations. 3. Implement strict device usage policies and monitor for unauthorized access attempts or unusual local activity on affected devices. 4. Employ mobile device management (MDM) solutions to enforce security policies, detect anomalies, and remotely wipe compromised devices. 5. Educate users about the risks of unauthorized device access and encourage reporting of lost or stolen devices immediately. 6. Regularly audit device firmware versions and configurations to identify unpatched or vulnerable devices. 7. Coordinate with Doogee or third-party security vendors for timely patch releases and apply updates as soon as they become available. 8. Consider replacing vulnerable devices with alternatives from vendors with stronger security track records if mitigation is not feasible. 9. Use endpoint detection and response (EDR) tools capable of monitoring mobile devices for suspicious behaviors indicative of exploitation attempts.