
CVE-2025-6798: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole

Severity: High
Published: Mon Jul 07 2025 (07/07/2025, 14:50:49 UTC)
Source: CVE Database V5
Vendor/Project: Marvell
Product: QConvergeConsole

Description

Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24918.

AI-Powered Analysis

Last updated: 07/07/2025, 15:12:50 UTC

Technical Analysis

CVE-2025-6798 is a high-severity vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability resides in the deleteAppFile method, which fails to properly validate user-supplied file paths before performing file deletion operations. This flaw allows a remote attacker to craft malicious requests that traverse directories and delete arbitrary files on the system where QConvergeConsole is installed. Notably, exploitation does not require any authentication or user interaction, and the deletion occurs with SYSTEM-level privileges, which means the attacker can remove critical system or application files, potentially leading to denial of service or further compromise. The vulnerability was assigned a CVSS v3.0 base score of 8.2, reflecting its high impact due to ease of exploitation (network vector, no privileges or user interaction required) and severe impact on availability and integrity. Although no public exploits have been reported in the wild yet, the vulnerability was disclosed by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-24918. The lack of patch links suggests that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations. Given the critical role of QConvergeConsole in managing Marvell network devices, this vulnerability poses a significant risk to network infrastructure stability and security.
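The flaw class described above, as an added example that is not QConvergeConsole code: the unchecked path join that defines CWE-22 beside a hardened version that canonicalises the request and enforces containment before deleting. The directory layout and function names are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Function and directory names are illustrative assumptions, not QConvergeConsole identifiers.

def delete_app_file_vulnerable(app_dir: str, user_path: str) -> str:
    """The CWE-22 shape: the caller-supplied name is joined onto the application
    directory with no containment check, so '../' segments walk out of app_dir.
    Returns the path that would be removed instead of deleting anything."""
    return os.path.normpath(os.path.join(app_dir, user_path))

def resolve_app_file(app_dir: str, user_path: str) -> Path:
    """Canonicalise the request (symlinks, '..', absolute paths) and accept it
    only if it lands strictly inside app_dir."""
    base = Path(app_dir).resolve()
    target = (base / user_path).resolve()
    if base not in target.parents:
        raise PermissionError(f"path escapes application directory: {user_path!r}")
    return target

def delete_app_file_hardened(app_dir: str, user_path: str) -> bool:
    """Delete only a regular file that resolves inside app_dir; True if removed."""
    target = resolve_app_file(app_dir, user_path)
    if not target.is_file():
        return False
    target.unlink()
    return True

def demo() -> dict:
    """Constructed scenario: an application directory holding one log file, and
    a configuration file one level above it that a traversal would reach."""
    root = Path(tempfile.mkdtemp())
    app_dir = root / "app"
    app_dir.mkdir()
    (app_dir / "upload.log").write_text("log data")
    (root / "important.cfg").write_text("config data")
    escaped = Path(delete_app_file_vulnerable(str(app_dir), "../important.cfg"))
    try:
        delete_app_file_hardened(str(app_dir), "../important.cfg")
        blocked = False
    except PermissionError:
        blocked = True
    return {
        "vulnerable_resolves_outside": escaped == root / "important.cfg",
        "hardened_blocked": blocked,
        "hardened_deleted_inside": delete_app_file_hardened(str(app_dir), "upload.log"),
        "important_cfg_survives": (root / "important.cfg").exists(),
    }
```

Resolving both the base directory and the joined path before comparing is what defeats `..` segments, absolute paths and symlink escapes alike; a string prefix check on the unresolved path would not.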

Potential Impact

For European organizations, the impact of CVE-2025-6798 can be substantial, especially those relying on Marvell QConvergeConsole for network device management. Successful exploitation can lead to arbitrary deletion of files with SYSTEM privileges, potentially causing service outages, loss of configuration data, or disruption of network operations. This can affect availability of critical network services and may also facilitate further attacks if key security or system files are deleted. Organizations in sectors such as telecommunications, finance, government, and critical infrastructure that depend on stable network management platforms are particularly at risk. The lack of authentication requirement increases the attack surface, allowing external attackers to target exposed QConvergeConsole instances remotely. This could lead to operational downtime, financial losses, regulatory compliance issues (e.g., GDPR if data availability is impacted), and reputational damage. Additionally, since the vulnerability affects integrity and availability but not confidentiality directly, attackers might use it as a stepping stone for more complex attacks or to disrupt services during geopolitical tensions or cyber conflict scenarios in Europe.

Mitigation Recommendations

Given the absence of an official patch at the time of disclosure, European organizations should implement immediate compensating controls. First, restrict network access to the QConvergeConsole management interface by applying strict firewall rules and network segmentation to limit exposure only to trusted administrators and management networks. Employ VPNs or zero-trust network access solutions to secure remote management connections. Monitor logs and network traffic for unusual deleteAppFile method invocations or anomalous file deletion activities. Implement file integrity monitoring on critical system and application files to detect unauthorized deletions promptly. If possible, disable or restrict the deleteAppFile functionality until a patch is available. Engage with Marvell support to obtain any available security advisories or beta patches. Regularly back up configuration and system files to enable rapid recovery in case of successful exploitation. Finally, maintain up-to-date asset inventories to identify all instances of QConvergeConsole and prioritize remediation efforts accordingly.
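One way to act on the monitoring advice above (added example, not vendor tooling): scan web-server access logs for requests to a deleteAppFile-style endpoint whose parameters decode to a directory-traversal sequence. The log format, endpoint path and `name` parameter are constructed assumptions to be adjusted to the real deployment.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not real QConvergeConsole traffic); the endpoint
# path and the 'name' parameter are placeholders for the real request shape.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jul/2025:14:50:49 +0000] "POST /qcc/deleteAppFile?name=old_trace.log HTTP/1.1" 200 12
10.0.0.9 - - [07/Jul/2025:14:51:02 +0000] "POST /qcc/deleteAppFile?name=..%2F..%2Fbackup%2Fconfig.bak HTTP/1.1" 200 12
10.0.0.9 - - [07/Jul/2025:14:51:05 +0000] "POST /qcc/deleteAppFile?name=%252e%252e%252fsettings.ini HTTP/1.1" 200 12
10.0.0.7 - - [07/Jul/2025:14:52:10 +0000] "GET /qcc/status HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# A '..' that stands alone as a path segment, after separators are normalised to '/'.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Peel repeated percent-encoding (%252e -> %2e -> .) before inspecting,
    since a single decode is the usual blind spot of naive filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str, endpoint: str = "deleteAppFile") -> list:
    """Return (source_ip, timestamp, decoded_value) for every request to the
    endpoint whose query parameters contain a '..' segment after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if endpoint not in parts.path:
            continue
        for values in parse_qs(parts.query, keep_blank_values=True).values():
            for raw in values:  # parse_qs already removed one encoding layer
                decoded = decode_fully(raw).replace("\\", "/")
                if TRAVERSAL_RE.search(decoded):
                    hits.append((m["src"], m["ts"], decoded))
    return hits
```

Feed the hits to the SIEM alongside file-integrity alerts from the application host, so a flagged request and an unexpected deletion at the same time can be correlated.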


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-27T14:57:36.014Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 686bdfa06f40f0eb72ea12b2

Added to database: 7/7/2025, 2:54:24 PM

Last enriched: 7/7/2025, 3:12:50 PM

Last updated: 8/3/2025, 7:16:13 PM
