Cyber Posture

CVE-2025-64055

CriticalPublic PoC

Published: 03 December 2025

Published
03 December 2025
Modified
09 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0095 76.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

AC-14 explicitly identifies and authorizes only approved actions without identification or authentication, directly preventing unauthorized access to administrative functions like file upload and firmware updates.

AC-3 Access Enforcement good match
prevent

AC-3 enforces approved access authorizations in accordance with policy, mitigating the authentication bypass by blocking unauthenticated local network access to sensitive device functions.

SI-2 Flaw Remediation good match
prevent

SI-2 requires timely identification, reporting, and correction of flaws, directly addressing this authentication bypass via firmware updates as recommended in vendor advisories.

Security SummaryAI

CVE-2025-64055 is an authentication bypass vulnerability affecting the Fanvil x210 V2 device running firmware version 2.12.20. It enables unauthenticated attackers on the local network to access administrative functions, such as file upload, firmware updates, and reboots, through a crafted bypass technique. The issue is classified under CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Attackers on the local network can exploit this vulnerability without authentication to gain administrative control over the device. Successful exploitation allows actions like uploading arbitrary files, performing firmware updates that could lead to persistent compromise, or rebooting the device, potentially disrupting operations or enabling further attacks such as remote code execution.

Advisories detailing the issue are available from the vendor at http://fanvil.com and in GitHub repositories maintained by SpikeReply at https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md. Security practitioners should consult these sources for specific mitigation guidance, such as firmware updates or network segmentation recommendations.

Details

CWE(s)
CWE-287

Affected Products

fanvil
x210 firmware
2.12.20

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
attack.mitre.org →
T1529 System Shutdown/Reboot Impact
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
attack.mitre.org →
Why these techniques?

The authentication bypass vulnerability (T1190: Exploit Public-Facing Application) allows unauthenticated local network attackers to access admin functions. This directly facilitates arbitrary file uploads (T1105: Ingress Tool Transfer) and system reboots (T1529: System Shutdown/Reboot), with firmware updates enabling potential persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References