CVE-2025-67264 is an operating system command injection vulnerability located in the com.sprd.engineermode component of the Doogee Note59 smartphone series, including Note59, Note59 Pro, and Note59 Pro+. This vulnerability arises from incomplete remediation of a prior vulnerability, CVE-2025-31710, leaving the EngineerMode ADB shell interface susceptible to exploitation. EngineerMode is typically a privileged diagnostic and engineering interface used for device testing and configuration. The vulnerability allows a local attacker—someone with physical or local access to the device—to inject arbitrary OS commands through this interface, resulting in arbitrary code execution and privilege escalation. This means an attacker can potentially gain root-level control over the device, bypassing normal security restrictions. The vulnerability does not require network access or remote exploitation, but relies on local access, which could be achieved through physical possession or via malware already present on the device. No public exploits are currently known, but the incomplete patching indicates a risk of future exploitation. The absence of a CVSS score requires an assessment based on the nature of the vulnerability: it impacts confidentiality, integrity, and availability by enabling full device compromise; exploitation is relatively straightforward once local access is obtained; and the affected scope is limited to the specified Doogee Note59 series devices. The vulnerability is significant for environments where these devices are used for sensitive communications or data storage.

For European organizations, the impact of CVE-2025-67264 can be substantial if Doogee Note59 series devices are used within corporate or governmental environments. Successful exploitation allows attackers to execute arbitrary commands with elevated privileges, potentially leading to data theft, unauthorized surveillance, or disruption of device functionality. This can compromise sensitive corporate information, intellectual property, or personal data protected under GDPR. Additionally, compromised devices could serve as footholds for lateral movement within networks or be used to bypass mobile device management controls. The local access requirement limits remote exploitation but does not eliminate risk, especially in scenarios involving lost or stolen devices, insider threats, or malware infections that provide local code execution. The vulnerability also undermines trust in device integrity, which is critical for sectors such as finance, healthcare, and public administration. Given the incomplete patching, organizations relying on these devices must consider the risk of future exploit development and potential targeted attacks.

To mitigate CVE-2025-67264, organizations should first verify if their Doogee Note59 series devices have received complete patches addressing this vulnerability; if no official patches exist, consider restricting or disabling the EngineerMode ADB shell interface entirely. Physical security controls should be enhanced to prevent unauthorized local access to devices, including enforcing strong device lock mechanisms and remote wipe capabilities. Mobile device management (MDM) solutions should be configured to monitor and restrict access to engineering or diagnostic modes. Regular audits of device configurations and installed applications can help detect unauthorized modifications or suspicious activity. Educate users on the risks of physical device compromise and the importance of reporting lost or stolen devices immediately. For environments where these devices are critical, consider replacing them with alternatives that have a stronger security posture and timely patching. Finally, maintain up-to-date threat intelligence to monitor for any emerging exploits targeting this vulnerability.