CVE-2025-31710
published 2025-06-03CVE-2025-31710: In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no…
high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — |
GHSA
GHSA-fh9m-3rmh-ffg9: An OS command injection vulnerability in the com
ghsa_unreviewed·2026-01-23·CVSS 5.9
CVE-2025-67264 [MEDIUM] CWE-78 GHSA-fh9m-3rmh-ffg9: An OS command injection vulnerability in the com
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710
GHSA
GHSA-65w5-5qgg-4h59: In engineermode service, there is a possible command injection due to improper input validation
ghsa_unreviewed·2025-06-03
CVE-2025-31710 [MEDIUM] CWE-77 GHSA-65w5-5qgg-4h59: In engineermode service, there is a possible command injection due to improper input validation
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-03
Published