What is the CVSS score of CVE-2025-64055?

CVE-2025-64055 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of X210 Firmware are affected by CVE-2025-64055?

Critical vulnerability in Fanvil x210 V2 IP phones allows unauthenticated attackers on the local network to bypass authentication and gain full administrative control, enabling firmware manipulation,…

Is there a public PoC exploit available for CVE-2025-64055?

Yes, a public proof-of-concept exploit is available for CVE-2025-64055. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate CVE-2025-64055?

Within 24 hours: Inventory all Fanvil x210 V2 devices running version 2.12.20 and isolate them to a dedicated VLAN with strict access controls. Within 7 days: Implement network segmentation to restrict Layer 2/3 access to these devices from untrusted network segments; disable unnecessary administrative features if supported by firmware; deploy network monitoring on device management traffic. Within 30 days: Contact Fanvil for patch ETA; evaluate replacement with alternative IP phone vendors if patch timeline is unacceptable; conduct forensic audit of device logs for unauthorized access indicators.

X210 Firmware CVE-2025-64055

EUVD-2025-201105 CRITICAL

Improper Authentication (CWE-287)

2025-12-03 cve@mitre.org

Authentication Bypass File Upload X210 Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201105

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Jan 09, 2026 - 02:18 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 21:15 nvd

CRITICAL 9.8

DescriptionNVD

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Analysis

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

CVE-2025-64055 vulnerability details – vuln.today

Back

X210 Firmware CVE-2025-64055

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code