Login Sign Up

CVE-2025-64055

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2025-64055 is an authentication bypass vulnerability in Fanvil x210 V2 IP phones that allows unauthenticated attackers on the local network to access administrative functions. This affects organizations using these devices, particularly those with the phones exposed to untrusted networks. Attackers can perform actions like firmware uploads, file manipulation, and device reboots without credentials.

💻 Affected Systems

Products:
  • Fanvil x210 V2
Versions: 2.12.20
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with web administration interface enabled (default). Requires local network access to exploit.

📦 What is this software?

X210 Firmware by Fanvil

View all CVEs affecting X210 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing firmware replacement with malicious code, persistent backdoor installation, credential theft, and use as a pivot point into the network.

🟠

Likely Case

Unauthorized administrative access leading to device disruption, configuration changes, call interception, and potential data exfiltration.

🟢

If Mitigated

Limited impact if devices are properly segmented and network access controls prevent unauthorized local network access.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the GitHub advisory. The vulnerability requires crafting specific requests to bypass authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://fanvil.com

Restart Required: No

Instructions:

1. Check Fanvil website for firmware updates. 2. Download latest firmware if available. 3. Upload via web interface. 4. Apply update. 5. Verify version after update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Fanvil phones on separate VLAN with strict access controls

Disable Web Interface

all

Turn off web administration interface if not required

🧯 If You Can't Patch

  • Implement strict network access controls to limit which devices can communicate with the phones
  • Monitor network traffic to/from Fanvil devices for suspicious administrative requests

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip] or via phone menu System > Status > Version

Check Version:

curl -s http://[device-ip]/cgi-bin/getSystemInfo.cgi | grep Firmware

Verify Fix Applied:

Verify firmware version is newer than 2.12.20 and test authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to administrative endpoints
  • Multiple failed login attempts followed by successful administrative actions

Network Indicators:

  • Unusual HTTP POST requests to administrative endpoints from unauthorized IPs
  • Traffic to firmware upload endpoints without preceding authentication

SIEM Query:

source="fanvil_web_logs" AND (uri="/cgi-bin/updateFirmware.cgi" OR uri="/cgi-bin/uploadFile.cgi") AND NOT (user!="")

📊 Metadata

CVE ID: CVE-2025-64055
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
EPSS Score: 0.58% exploit probability (68.3th percentile)
Published: December 3, 2025
Last Updated: January 9, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64055, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)