CVE-2025-64056

MEDIUM

Fanvil X210 Firmware - Missing Authentication

Title source: rule

Description

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0006
EPSS Percentile 17.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-306
Status published

Affected Products (1)

fanvil/x210_firmware

Timeline

Published Dec 05, 2025
Tracked Since Feb 18, 2026