CVE-2025-64056 identifies a file upload vulnerability in the Fanvil x210 V2 IP phone, specifically version 2.12.20. This vulnerability allows unauthenticated attackers who have access to the local network to upload arbitrary files to the device's filesystem. The flaw stems from insufficient access control (CWE-306), permitting attackers to bypass authentication requirements and write files without user interaction. While the vulnerability does not directly compromise confidentiality or availability, it impacts integrity by enabling unauthorized file storage, which could be leveraged for malicious payloads, configuration tampering, or establishing persistence on the device. The CVSS score of 4.3 reflects its medium severity, considering the attack vector is local network (AV:A), no privileges required (PR:N), no user interaction (UI:N), and the impact is limited to integrity (I:L) without affecting confidentiality or availability. No patches or known exploits are currently available, indicating that vendors and users should prioritize risk mitigation. The vulnerability affects a specific firmware version, but exact affected versions beyond 2.12.20 are not detailed. Given the device's role in enterprise telephony, exploitation could facilitate lateral movement or further compromise within corporate networks.

For European organizations, the impact primarily concerns the integrity of VoIP infrastructure. Unauthorized file uploads could allow attackers to implant malicious scripts or configuration files, potentially disrupting telephony services or enabling eavesdropping and call interception. While the vulnerability requires local network access, many enterprises have IP phones on segmented voice VLANs, which could be targeted if network segmentation is weak. Disruption or compromise of telephony systems can affect business communications, customer service, and operational continuity. Additionally, compromised devices could serve as footholds for broader network intrusions. The medium severity suggests moderate risk, but organizations with critical communications infrastructure relying on Fanvil devices should treat this as a significant concern. The absence of known exploits reduces immediate risk but also means attackers may develop exploits in the future.

1. Implement strict network segmentation to isolate VoIP devices on dedicated VLANs with controlled access, limiting exposure to untrusted local network users. 2. Monitor network traffic for unusual file upload attempts or anomalous behavior on Fanvil x210 V2 devices. 3. Restrict physical and network access to the devices to trusted personnel only. 4. Regularly audit device configurations and filesystem contents for unauthorized changes. 5. Engage with Fanvil support to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 6. Employ intrusion detection systems (IDS) tailored to detect suspicious activity on VoIP devices. 7. Consider temporary disabling of file upload features if feasible until patches are released. 8. Educate IT staff about the vulnerability and ensure incident response plans include scenarios involving VoIP device compromise.