CVE-2025-64055
Published: 03 December 2025
Summary
CVE-2025-64055 is a critical-severity Improper Authentication (CWE-287) vulnerability in Fanvil X210 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 explicitly identifies and authorizes only approved actions without identification or authentication, directly preventing unauthorized access to administrative functions like file upload and firmware updates.
AC-3 enforces approved access authorizations in accordance with policy, mitigating the authentication bypass by blocking unauthenticated local network access to sensitive device functions.
SI-2 requires timely identification, reporting, and correction of flaws, directly addressing this authentication bypass via firmware updates as recommended in vendor advisories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The authentication bypass vulnerability (T1190: Exploit Public-Facing Application) allows unauthenticated local network attackers to access admin functions. This directly facilitates arbitrary file uploads (T1105: Ingress Tool Transfer) and system reboots (T1529: System Shutdown/Reboot), with firmware updates enabling potential persistence.
NVD Description
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Deeper analysisAI
CVE-2025-64055 is an authentication bypass vulnerability affecting the Fanvil x210 V2 device running firmware version 2.12.20. It enables unauthenticated attackers on the local network to access administrative functions, such as file upload, firmware updates, and reboots, through a crafted bypass technique. The issue is classified under CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
Attackers on the local network can exploit this vulnerability without authentication to gain administrative control over the device. Successful exploitation allows actions like uploading arbitrary files, performing firmware updates that could lead to persistent compromise, or rebooting the device, potentially disrupting operations or enabling further attacks such as remote code execution.
Advisories detailing the issue are available from the vendor at http://fanvil.com and in GitHub repositories maintained by SpikeReply at https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md. Security practitioners should consult these sources for specific mitigation guidance, such as firmware updates or network segmentation recommendations.
Details
- CWE(s)