CVE-2025-64052 is a vulnerability identified in the Fanvil x210 V2 IP phone firmware version 2.12.20, which allows unauthenticated attackers on the local network to execute arbitrary system commands. The root cause is related to improper input validation or command injection (CWE-77), enabling attackers to inject and execute system-level commands without requiring authentication or user interaction. The attack vector is local network access, meaning an attacker must be on the same LAN or have network access to the device. The vulnerability impacts confidentiality and integrity by potentially exposing sensitive information or allowing unauthorized changes to device configuration or operation. Availability is not directly impacted, as the CVSS vector indicates no impact on availability. The CVSS score of 5.1 (medium severity) reflects the moderate risk due to the local access requirement and lack of authentication needed. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability affects telephony infrastructure relying on Fanvil x210 V2 devices, which are commonly used in enterprise VoIP environments. Exploitation could lead to unauthorized command execution, information leakage, or manipulation of device behavior, potentially undermining communication security and privacy.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of telephony communications and device configurations. Unauthorized command execution could allow attackers to intercept calls, manipulate call routing, or extract sensitive information from the device. While the attack requires local network access, many enterprises have VoIP devices on internal networks that may be accessible to insiders or compromised devices. This could lead to insider threats or lateral movement within corporate networks. The lack of availability impact reduces the risk of denial-of-service, but the compromise of telephony devices can still disrupt business operations indirectly through loss of trust or data leakage. Organizations relying on Fanvil x210 V2 devices in call centers, customer support, or internal communications should be particularly vigilant. The absence of patches means organizations must rely on network-level mitigations until a firmware update is available.

1. Implement strict network segmentation to isolate VoIP devices from general user networks and untrusted devices, limiting local network access to authorized personnel only. 2. Employ VLANs and access control lists (ACLs) to restrict traffic to and from Fanvil x210 V2 devices. 3. Monitor network traffic for unusual command patterns or device behavior indicative of exploitation attempts. 4. Disable any unnecessary services or interfaces on the devices to reduce the attack surface. 5. Regularly audit device configurations and logs for signs of unauthorized access or command execution. 6. Engage with Fanvil or authorized vendors to obtain firmware updates or patches as soon as they become available. 7. Educate internal IT and security teams about the vulnerability and the importance of local network security controls. 8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect command injection attempts targeting VoIP devices.