CVE-2025-6795 is a medium-severity security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability resides in the getFileUploadSize method, which fails to properly validate user-supplied file paths before performing file operations. This flaw allows a remote attacker to craft malicious requests that traverse directories outside the intended scope, enabling unauthorized disclosure of sensitive information. Notably, exploitation does not require authentication or user interaction, and the attacker can access information with SYSTEM-level privileges, significantly increasing the potential impact. The vulnerability was publicly disclosed on July 7, 2025, and has a CVSS v3.0 base score of 5.3, indicating a medium severity level. Although no known exploits are currently observed in the wild and no official patches have been linked yet, the risk remains due to the ease of exploitation and the high privilege context in which the information disclosure occurs. The vulnerability was assigned by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-24914. The path traversal issue could allow attackers to read arbitrary files on the affected system, potentially exposing configuration files, credentials, or other sensitive data critical to the security posture of the affected environment.

For European organizations using Marvell QConvergeConsole 5.5.0.78, this vulnerability poses a significant risk of sensitive information disclosure without requiring any authentication. The ability to access files with SYSTEM privileges means attackers could obtain highly sensitive data such as system configurations, credentials, or proprietary information. This could lead to further compromise, including lateral movement within networks or escalation to more severe attacks. Given that QConvergeConsole is a network management tool often used in enterprise environments to manage network infrastructure, the exposure of sensitive operational data could disrupt business continuity and undermine trust. Additionally, organizations subject to strict data protection regulations such as GDPR could face compliance risks if personal or sensitive data is disclosed. The lack of authentication requirement lowers the barrier for attackers, increasing the likelihood of exploitation, especially in environments where the product is exposed to untrusted networks or the internet. Although no active exploits are reported yet, the vulnerability’s characteristics warrant proactive mitigation to prevent potential data breaches and operational impacts.

1. Immediate network-level controls: Restrict access to the QConvergeConsole management interface to trusted internal networks only, using firewalls or network segmentation to prevent exposure to untrusted or public networks. 2. Monitor and log all access attempts to the QConvergeConsole interface, focusing on anomalous or unexpected file path requests that may indicate exploitation attempts. 3. Implement strict input validation and filtering at the application or proxy level if possible, to detect and block path traversal patterns in incoming requests. 4. Apply principle of least privilege to the service account running QConvergeConsole, limiting filesystem access to only necessary directories to reduce the impact of potential exploitation. 5. Stay updated with Marvell’s security advisories and apply official patches or updates as soon as they become available. 6. Conduct internal vulnerability scans and penetration tests targeting QConvergeConsole to identify and remediate any exposure. 7. Educate IT and security teams about this vulnerability to ensure rapid detection and response to any suspicious activity related to the product.