CVE-2025-64055: n/a
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
AI Analysis
Technical Summary
CVE-2025-64055 is a severe vulnerability affecting the Fanvil x210 V2 IP phone model running firmware version 2.12.20. The flaw stems from an authentication bypass (CWE-287) that allows an unauthenticated attacker on the same local network segment to access administrative functions of the device. These functions include uploading arbitrary files, performing firmware updates, and rebooting the device, all without requiring any credentials or user interaction. The vulnerability is exploitable remotely within the local network, meaning that an attacker who gains access to the LAN can fully compromise the device. The CVSS v3.1 score of 9.8 indicates critical severity, with attack vector being network (local), no privileges required, no user interaction needed, and full impact on confidentiality, integrity, and availability. The lack of available patches or mitigations from the vendor at the time of publication increases the urgency for defensive measures. This vulnerability could be leveraged to disrupt telephony services, implant malicious firmware, or pivot into internal networks, posing significant risks to enterprise communications and security.
Potential Impact
For European organizations, this vulnerability poses a critical risk to telephony infrastructure security and operational continuity. Compromise of Fanvil x210 V2 devices could lead to unauthorized interception or manipulation of voice communications, disruption of phone services through forced reboots or firmware tampering, and potential lateral movement within corporate networks. This is particularly concerning for sectors relying heavily on secure communications, such as government, finance, healthcare, and critical infrastructure. The ability to upload arbitrary files and update firmware without authentication could enable attackers to implant persistent backdoors or malware, undermining organizational confidentiality and integrity. The disruption of availability through device reboots or bricking could impact business operations and emergency communications. Given the local network attack vector, organizations with insufficient network segmentation or remote access to LAN segments are at heightened risk.
Mitigation Recommendations
1. Immediately isolate Fanvil x210 V2 devices on dedicated VLANs with strict access controls to limit local network exposure. 2. Restrict administrative access to these devices to trusted management networks only, using firewall rules and network segmentation. 3. Monitor network traffic for unusual file uploads or firmware update attempts targeting these devices. 4. Disable any unnecessary services or protocols on the devices to reduce attack surface. 5. Engage with Fanvil or authorized vendors to obtain firmware updates or patches as soon as they become available. 6. Implement network access control (NAC) to prevent unauthorized devices from connecting to the LAN. 7. Conduct regular audits of device configurations and logs to detect signs of compromise. 8. Educate IT staff about the vulnerability and ensure incident response plans include scenarios involving telephony device compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
CVE-2025-64055: n/a
Description
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
AI-Powered Analysis
Technical Analysis
CVE-2025-64055 is a severe vulnerability affecting the Fanvil x210 V2 IP phone model running firmware version 2.12.20. The flaw stems from an authentication bypass (CWE-287) that allows an unauthenticated attacker on the same local network segment to access administrative functions of the device. These functions include uploading arbitrary files, performing firmware updates, and rebooting the device, all without requiring any credentials or user interaction. The vulnerability is exploitable remotely within the local network, meaning that an attacker who gains access to the LAN can fully compromise the device. The CVSS v3.1 score of 9.8 indicates critical severity, with attack vector being network (local), no privileges required, no user interaction needed, and full impact on confidentiality, integrity, and availability. The lack of available patches or mitigations from the vendor at the time of publication increases the urgency for defensive measures. This vulnerability could be leveraged to disrupt telephony services, implant malicious firmware, or pivot into internal networks, posing significant risks to enterprise communications and security.
Potential Impact
For European organizations, this vulnerability poses a critical risk to telephony infrastructure security and operational continuity. Compromise of Fanvil x210 V2 devices could lead to unauthorized interception or manipulation of voice communications, disruption of phone services through forced reboots or firmware tampering, and potential lateral movement within corporate networks. This is particularly concerning for sectors relying heavily on secure communications, such as government, finance, healthcare, and critical infrastructure. The ability to upload arbitrary files and update firmware without authentication could enable attackers to implant persistent backdoors or malware, undermining organizational confidentiality and integrity. The disruption of availability through device reboots or bricking could impact business operations and emergency communications. Given the local network attack vector, organizations with insufficient network segmentation or remote access to LAN segments are at heightened risk.
Mitigation Recommendations
1. Immediately isolate Fanvil x210 V2 devices on dedicated VLANs with strict access controls to limit local network exposure. 2. Restrict administrative access to these devices to trusted management networks only, using firewall rules and network segmentation. 3. Monitor network traffic for unusual file uploads or firmware update attempts targeting these devices. 4. Disable any unnecessary services or protocols on the devices to reduce attack surface. 5. Engage with Fanvil or authorized vendors to obtain firmware updates or patches as soon as they become available. 6. Implement network access control (NAC) to prevent unauthorized devices from connecting to the LAN. 7. Conduct regular audits of device configurations and logs to detect signs of compromise. 8. Educate IT staff about the vulnerability and ensure incident response plans include scenarios involving telephony device compromise.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-10-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6930a5c0e580ff243daab7ee
Added to database: 12/3/2025, 9:04:00 PM
Last enriched: 12/10/2025, 9:51:03 PM
Last updated: 1/18/2026, 5:35:00 AM
Views: 112
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-15533: Heap-based Buffer Overflow in raysan5 raylib
MediumCVE-2026-1110: Buffer Overflow in cijliu librtsp
MediumCVE-2026-1109: Buffer Overflow in cijliu librtsp
MediumCVE-2026-1107: Unrestricted Upload in EyouCMS
MediumCVE-2026-1106: Improper Authorization in Chamilo LMS
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.