CVE-2025-6793: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole

Critical
Tags: Vulnerability, CVE-2025-6793, cve, cve-2025-6793, cwe-22
Published: Mon Jul 07 2025 (07/07/2025, 14:50:28 UTC)
Source: CVE Database V5
Vendor/Project: Marvell
Product: QConvergeConsole

Description

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 15:14:24 UTC

Technical Analysis

CVE-2025-6793 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability resides in the QLogicDownloadImpl class, where user-supplied file paths are not properly validated before being used in file operations. This flaw allows remote attackers to craft malicious requests that traverse directories and perform unauthorized file operations. Notably, exploitation does not require any authentication or user interaction, making it highly accessible to attackers. The impact of this vulnerability is twofold: attackers can delete arbitrary files on the system, potentially disrupting services or deleting critical data, and they can also disclose sensitive information by reading files they should not have access to. These actions are executed with SYSTEM-level privileges, indicating the highest level of access on Windows systems, which significantly amplifies the potential damage. The CVSS v3.0 base score of 9.4 reflects the critical nature of this vulnerability, with metrics indicating network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality and availability impacts, with some integrity impact. Although no public exploits are currently known, the combination of ease of exploitation and high impact makes this a severe threat to any organization using the affected software. The vulnerability was publicly disclosed on July 7, 2025, and is tracked under ZDI-CAN-24912, emphasizing its recognition by security researchers and the community.
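The root cause described above is a path joined onto a download directory and then handed straight to a delete or read operation. The following is an added illustration, not QConvergeConsole code: a constructed unsafe resolver next to a hardened one that canonicalises the path and refuses anything that leaves the base directory. The directory names and function names are hypothetical.

```python
import os
from urllib.parse import unquote

# Constructed illustration of the CWE-22 pattern described for CVE-2025-6793.
# Nothing here is taken from QConvergeConsole; names are hypothetical.

def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: join the user path and use it with no containment check."""
    return os.path.join(base_dir, user_path)

def escapes_base(base_dir: str, user_path: str) -> bool:
    """True when the unsafe join resolves outside base_dir (the delete/read primitive)."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(unsafe_resolve(base_dir, user_path))
    return os.path.commonpath([base, target]) != base

def safe_resolve(base_dir: str, user_path: str) -> str:
    """Hardened pattern: decode, canonicalise, and require the result to stay under base_dir."""
    decoded = unquote(user_path)
    # The affected product runs on Windows, so treat backslashes as separators too.
    decoded = decoded.replace("\\", "/")
    # Absolute paths and drive-letter paths can never be a file inside the download area.
    if os.path.isabs(decoded) or (len(decoded) > 1 and decoded[1] == ":"):
        raise ValueError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded))
    # commonpath compares whole components, so "/srv/qcc/downloads2" is not
    # mistaken for a child of "/srv/qcc/downloads".
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the download directory")
    return target

def delete_download(base_dir: str, user_path: str) -> bool:
    """Hardened delete: only a regular file resolved inside base_dir is removed."""
    target = safe_resolve(base_dir, user_path)
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True
```

A double-encoded sequence such as `%252e%252e` decodes once to the literal directory name `%2e%2e`, which stays inside the base directory; the check must run on the same decoded form the file API will see.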

Potential Impact

For European organizations, the impact of CVE-2025-6793 can be substantial, especially for those relying on Marvell QConvergeConsole for network management and infrastructure operations. The ability for an unauthenticated remote attacker to delete arbitrary files can lead to service outages, loss of critical configuration files, or disruption of network operations, which can affect business continuity. The information disclosure aspect can expose sensitive configuration data, credentials, or proprietary information, increasing the risk of further targeted attacks or data breaches. Given that the vulnerability executes with SYSTEM privileges, the attacker could potentially pivot to other parts of the network or escalate attacks, compounding the damage. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure within Europe, where regulatory compliance (e.g., GDPR) mandates strong security controls. Additionally, the lack of authentication requirement lowers the barrier for exploitation, increasing the likelihood of widespread attacks if the vulnerability is weaponized. Organizations may face reputational damage, financial penalties, and operational disruptions if this vulnerability is exploited successfully.

Mitigation Recommendations

To mitigate CVE-2025-6793 effectively, European organizations should take the following specific actions:

1) Immediately identify and inventory all instances of Marvell QConvergeConsole version 5.5.0.78 within their environment.
2) Apply any available patches or updates from Marvell as soon as they are released; if patches are not yet available, consider temporary compensating controls such as network segmentation to isolate affected systems from untrusted networks.
3) Implement strict access controls and firewall rules to restrict external access to the QConvergeConsole management interfaces, limiting exposure to trusted internal networks only.
4) Employ Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block path traversal attempts targeting the vulnerable endpoints.
5) Conduct thorough monitoring and logging of file operations and access patterns on systems running QConvergeConsole to detect anomalous activities indicative of exploitation attempts.
6) Educate IT and security teams about the vulnerability and ensure incident response plans are updated to address potential exploitation scenarios.
7) Consider deploying endpoint detection and response (EDR) solutions capable of detecting unauthorized file deletions or access to sensitive files.
8) Regularly review and harden configurations of the QConvergeConsole to minimize attack surface, including disabling unnecessary services or features that could be exploited.
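Items 4 and 5 above ask for detection of traversal attempts in request traffic. As an added example (not from the advisory or from Marvell), the following runs a simple detector over constructed access-log lines: it percent-decodes each request target until stable, so single and double encoding are both unwrapped, normalises backslashes, and flags any request whose path contains a `..` segment. The `/qcc/download` and `/qcc/delete` routes and the source addresses are placeholders, since the advisory does not name the affected endpoints.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined format. The routes and IPs are
# placeholders; the advisory does not publish the real vulnerable endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jul/2025:14:51:02 +0000] "GET /qcc/download?file=fw/adapter.bin HTTP/1.1" 200 5120
10.0.0.9 - - [07/Jul/2025:14:51:07 +0000] "GET /qcc/download?file=..%2F..%2Fconf%2Fserver.xml HTTP/1.1" 200 2210
10.0.0.9 - - [07/Jul/2025:14:51:09 +0000] "POST /qcc/delete?file=%252e%252e%5c%252e%252e%5cbackup.zip HTTP/1.1" 200 12
10.0.0.7 - - [07/Jul/2025:14:51:11 +0000] "GET /qcc/download?file=fw/..hidden.bin HTTP/1.1" 404 0
"""

# Source address, timestamp, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) '
)

def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), defeating double encoding."""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s

def is_traversal(target: str) -> bool:
    """True if any path or query segment of the decoded target is exactly '..'.

    Splitting on '/', '?', '&' and '=' means a filename such as '..hidden.bin'
    is not flagged; only a bare '..' component counts.
    """
    decoded = fully_decode(target).replace("\\", "/")
    return any(seg == ".." for seg in re.split(r"[/?&=]", decoded))

def detect_traversal(log_text: str) -> list:
    """Return (src, method, decoded target) for every request carrying a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal(m["target"]):
            hits.append((m["src"], m["method"], fully_decode(m["target"])))
    return hits
```

Feeding these hits into an alert on the QConvergeConsole host, correlated with file-deletion events from step 5, gives a concrete signal for the exploitation pattern the advisory describes.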

Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-27T14:57:13.970Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 686bdfa06f40f0eb72ea12a3

Added to database: 7/7/2025, 2:54:24 PM

Last enriched: 7/7/2025, 3:14:24 PM

Last updated: 8/13/2025, 6:14:28 AM
