CVE-2025-64057

HighPublic PoC

Published: 05 December 2025

Published

05 December 2025

Modified

09 January 2026

KEV Added

—

Patch

—

CVSS Score 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

EPSS Score 0.0007 21.4th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-64057 is a directory traversal vulnerability (CWE-22) in Fanvil x210 V2 firmware version 2.12.20. Published on 2025-12-05, it carries a CVSS v3.1 base score of 8.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H), indicating high severity due to significant integrity and availability impacts with low confidentiality exposure.

Unauthenticated attackers on the local network can exploit this vulnerability to store files in arbitrary locations on the affected device. Successful exploitation may enable modification of the system configuration or result in other unspecified impacts.

Advisories are available from the vendor at http://fanvil.com and a third-party source at https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64057.md, which may provide further details on patches or mitigation steps.

Details

CWE(s): CWE-22

Affected Products

fanvil

x210 firmware

2.12.20

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Directory traversal vulnerability allows unauthenticated local network attackers to store arbitrary files, directly enabling exploitation of a public-facing application service on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://fanvil.com
Product · cve@mitre.org
https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64057.md
Exploit, Third Party Advisory · cve@mitre.org