How to fix EUVD-2025-201105?

Within 24 hours: Inventory all Fanvil x210 V2 devices running version 2.12.20 and isolate them to a dedicated VLAN with strict access controls. Within 7 days: Implement network segmentation to restrict Layer 2/3 access to these devices from untrusted network segments; disable unnecessary administrative features if supported by firmware; deploy network monitoring on device management traffic. Within 30 days: Contact Fanvil for patch ETA; evaluate replacement with alternative IP phone vendors if patch timeline is unacceptable; conduct forensic audit of device logs for unauthorized access indicators.

Is X210 Firmware affected by EUVD-2025-201105?

Critical vulnerability in Fanvil x210 V2 IP phones allows unauthenticated attackers on the local network to bypass authentication and gain full administrative control, enabling firmware manipulation, file uploads, and device reboots.

EUVD-2025-201105

| CVE-2025-64055 CRITICAL

2025-12-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201105

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Jan 09, 2026 - 02:18 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 21:15 nvd

CRITICAL 9.8

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

Affected Products

Affected products: Fanvil X210 Firmware 2.12.20

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +49

POC: +20

EUVD-2025-201105 vulnerability details – vuln.today

Back

EUVD-2025-201105

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201105

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code