CVE-2025-31710

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
OR cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t765:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9300:-:*:*:*:*:*:*:*

History

10 Jun 2025, 15:15

Type Values Removed Values Added
References () https://www.unisoc.com/en_us/secy/announcementDetail/1929773763314909186 - () https://www.unisoc.com/en_us/secy/announcementDetail/1929773763314909186 - Vendor Advisory
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t765:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
First Time Unisoc t612
Google android
Unisoc
Unisoc t765
Unisoc t616
Unisoc t8300
Unisoc sc9863a
Unisoc t750
Unisoc t760
Google
Unisoc s8000
Unisoc t606
Unisoc t9300
Unisoc t770
Unisoc t820

03 Jun 2025, 16:15

Type Values Removed Values Added
CWE CWE-77
Summary
  • (es) En el servicio en modo ingeniero, existe una posible inyección de comandos debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios sin necesidad de permisos de ejecución adicionales.

03 Jun 2025, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-03 06:15

Updated : 2025-06-10 15:15


NVD link : CVE-2025-31710

Mitre link : CVE-2025-31710

CVE.ORG link : CVE-2025-31710


JSON object : View

Products Affected

unisoc

  • t750
  • sc9863a
  • t612
  • t765
  • t770
  • t9300
  • t606
  • t8300
  • t820
  • s8000
  • t760
  • t616

google

  • android
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')