CVE-2025-64056

4.3 MEDIUM

📋 TL;DR

An unauthenticated file upload vulnerability in Fanvil x210 V2 IP phones allows attackers on the local network to store arbitrary files on the device filesystem. This affects Fanvil x210 V2 devices running firmware version 2.12.20. Attackers must have network access to the vulnerable device.

💻 Affected Systems

Products:
  • Fanvil x210 V2 IP Phone
Versions: 2.12.20
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with firmware version 2.12.20. Earlier or later versions may not be vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could upload malicious firmware or scripts to gain persistent access, modify device functionality, or use the device as a pivot point for lateral movement within the network.

🟠 Likely Case

Attackers upload web shells or malicious scripts to compromise the device, potentially leading to credential theft, surveillance, or denial of service.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated device with no lateral movement possible.

🌐 Internet-Facing: LOW - The vulnerability requires local network access and is not exploitable over the internet unless the device is exposed.
🏢 Internal Only: HIGH - Any attacker on the local network can exploit this without authentication, making internal networks with vulnerable devices high risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access but no authentication. A public proof-of-concept exists in the GitHub advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://fanvil.com

Restart Required: No

Instructions:

Check the Fanvil website for firmware updates. If one is available, download the latest firmware and follow the vendor's upgrade instructions.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate Fanvil phones on a separate VLAN with restricted access.

Access Control Lists (applies to: all)

Implement firewall rules to restrict access to the phone management interfaces.

🧯 If You Can't Patch

  • Segment vulnerable devices on an isolated network with no access to critical systems
  • Monitor network traffic to and from Fanvil devices for unusual file upload activity

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or the phone display. If the version is 2.12.20, the device is vulnerable.

Check Version:

Access the device web interface at http://[device-ip] and check System Information, or use the phone display menu.

Verify Fix Applied:

After the firmware update, verify that the version is no longer 2.12.20. Test the file upload functionality from unauthorized network segments to confirm it is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload requests to phone management interface
  • Multiple failed authentication attempts followed by successful file upload

Network Indicators:

  • HTTP POST requests to file upload endpoints from unauthorized IP addresses
  • Unusual outbound connections from Fanvil devices

SIEM Query:

source="fanvil-phone" AND method="POST" AND url="*upload*" AND NOT src_ip IN [authorized_admin_ips]

Requiring both the POST method and an upload path (rather than either one) avoids flagging every POST to the phone, such as ordinary logins.
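As an added example (not from the advisory or from Fanvil), the detection logic above run over constructed access-log lines. It assumes a common access-log layout and that upload endpoints contain "upload" in the path, since the real endpoint and log format are not named on this page.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log lines (assumed access-log layout, hypothetical paths).
# 10.10.1.0/24 is the assumed admin network; the other sources are unauthorized.
SAMPLE_LOG = """\
10.10.5.21 - - [12/Nov/2025:09:14:02 +0000] "GET /index.htm HTTP/1.1" 200 512
10.10.5.21 - - [12/Nov/2025:09:14:05 +0000] "POST /login.htm HTTP/1.1" 200 88
10.10.5.21 - - [12/Nov/2025:09:14:09 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 44
10.10.1.7 - - [12/Nov/2025:09:15:30 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 44
this line is not an access-log record and must be skipped
10.10.5.99 - - [12/Nov/2025:09:16:00 +0000] "POST /cgi-bin/Upload.cgi HTTP/1.1" 200 44
"""

# Combined-log style: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src_ip: str
    path: str
    status: int


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unauthorized_uploads(log_text, authorized_admin_nets):
    """Flag POSTs to upload paths whose source is outside the admin networks.

    Both conditions must hold (POST *and* upload path), mirroring the SIEM
    query; a login POST from an unauthorized host is not an alert by itself.
    """
    nets = [ipaddress.ip_network(n) for n in authorized_admin_nets]
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line
        if rec["method"] != "POST" or "upload" not in rec["path"].lower():
            continue
        src = ipaddress.ip_address(rec["ip"])
        if any(src in net for net in nets):
            continue  # authorized admin source
        alerts.append(Alert(rec["ts"], rec["ip"], rec["path"], int(rec["status"])))
    return alerts
```

A 200 status on a flagged request means the device accepted the file, which is the case to triage first.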
