CVE-2025-64055

Published: Dec 3, 2025Modified: Jan 9, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Affected (1)

Products: Fanvil: X210 Firmware

Fanvil

1 product

X210 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fanvil X210 Firmware	Version 2.12.20

Running on/with	Platform Versions
Fanvil X210	Version 2.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (3)

http://fanvil.com

Source: cve@mitre.org

Product

https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.