CVE-2025-64057 is a directory traversal vulnerability identified in the Fanvil X210 V2 IP phone firmware version 2.12.20. This flaw allows an unauthenticated attacker with access to the local network to exploit the device by storing files in arbitrary locations on the system. Directory traversal vulnerabilities typically occur when user-supplied input is not properly sanitized, enabling attackers to escape the intended directory context and write or overwrite files elsewhere in the file system. In this case, the attacker can potentially modify system configuration files or place malicious files that could alter device behavior, disrupt telephony services, or facilitate further compromise. The vulnerability does not require authentication or user interaction, making it easier to exploit in environments where the attacker has local network access. Although no known exploits are reported in the wild yet, the risk remains significant due to the critical role of IP phones in enterprise communications. The absence of a CVSS score means severity must be inferred from the vulnerability characteristics: the ability to write arbitrary files without authentication, the potential impact on system integrity and availability, and the scope limited to local network access. Fanvil X210 V2 devices are commonly deployed in enterprise and government telephony infrastructures, making this vulnerability a concern for organizations relying on these devices for secure communications.

For European organizations, the impact of this vulnerability could be substantial. Exploitation can lead to unauthorized modification of IP phone configurations, potentially disrupting voice communications, causing denial of service, or enabling attackers to intercept or manipulate calls. This could affect confidentiality, integrity, and availability of communications, critical for sectors such as finance, healthcare, government, and critical infrastructure. Additionally, compromised devices could serve as footholds for lateral movement within corporate networks, increasing the risk of broader network compromise. The local network access requirement limits remote exploitation but does not eliminate risk, especially in environments with insufficient network segmentation or where attackers have gained internal access through other means. The lack of a patch or mitigation details increases exposure until a fix is released. Organizations with large deployments of Fanvil devices or those in regulated industries face heightened risk of operational disruption and compliance violations.

1. Immediately implement strict network segmentation to isolate IP phones from general user networks and untrusted devices, limiting local network access to authorized personnel only. 2. Monitor network traffic for unusual file write operations or configuration changes on Fanvil X210 V2 devices. 3. Disable any unnecessary services or protocols on the IP phones to reduce the attack surface. 4. Apply access control lists (ACLs) on switches and routers to restrict communication to and from IP phones. 5. Regularly audit device configurations and logs for signs of tampering or unauthorized changes. 6. Engage with Fanvil or authorized vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 7. Consider temporary compensating controls such as VPNs or encrypted management channels to secure device management interfaces. 8. Educate IT staff about the vulnerability and ensure incident response plans include procedures for compromised telephony devices.