What is the CVSS score of EUVD-2025-201414?

EUVD-2025-201414 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of X210 Firmware are affected by EUVD-2025-201414?

Fanvil x210 V2 phones (version 2.12.20) contain a critical vulnerability allowing attackers on the local network to modify system files and configuration without authentication.

Is there a public PoC exploit available for EUVD-2025-201414?

Yes, a public proof-of-concept exploit is available for EUVD-2025-201414. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-201414?

Within 24 hours: Inventory all Fanvil x210 V2 devices running version 2.12.20 and isolate them to a dedicated VLAN with restricted access. Within 7 days: Contact Fanvil for patch availability and timeline; implement network segmentation to restrict local network access to these devices to authorized personnel only. Within 30 days: Deploy available firmware updates immediately upon release; consider replacing devices if no patch is provided within 60 days.

X210 Firmware EUVD-2025-201414

| CVE-2025-64057 HIGH

Path Traversal (CWE-22)

2025-12-05 cve@mitre.org

Path Traversal X210 Firmware

8.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.3 HIGH

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201414

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Jan 09, 2026 - 02:18 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 15:15 nvd

HIGH 8.3

DescriptionCVE.org

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

EUVD-2025-201414 vulnerability details – vuln.today

Back