CVE-2025-64055CRITICAL 9.8EPSS p39.5%

CVE-2025-64055CVE-2025-64055

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.51% probability of exploitation · percentile 39.5% · 2026-06-19T12:03:05Z
Published2025-12-03
Last modified2026-01-09

Underlying weaknesses· 1

CWE-287

References

  1. http://fanvil.com
  2. https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md
  3. https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64055.md

1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-64057
CVE
CVE-2025-64054
CVE
CVE-2025-28202
CVE
CVE-2025-41651
CVE
CVE-2025-15517
CVE
CVE-2025-48469
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.