CVE Catalog

CVE-2025-64055

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile - higher than 37% of all known CVEs

Summary

An issue was discovered in Fanvil x210 V2 version 2.12.20 allowing unauthenticated attackers on the local network to bypass authentication and access administrative functions such as file upload, firmware update, and device reboot.

Risk Assessment

An attacker on the local network can gain full control over the device, potentially compromising system integrity and availability, and using the device as an entry point for further network attacks.

Recommendation

Immediately update the Fanvil x210 V2 firmware to the latest available version and restrict administrative interface access to trusted networks only using firewall rules.

Original NVD description (English source)

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS