CVE-2025-6799: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole
Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24919.
AI Analysis
Technical Summary
CVE-2025-6799 is a high-severity security vulnerability identified in Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability is classified as CWE-22, which corresponds to an improper limitation of a pathname to a restricted directory, commonly known as a path traversal flaw. The root cause lies in the getFileUploadBytes method, where the software fails to properly validate user-supplied file paths before performing file operations. This lack of validation allows an unauthenticated remote attacker to craft malicious requests that traverse directories outside the intended scope, thereby accessing sensitive files on the system. Notably, exploitation does not require any authentication or user interaction, significantly lowering the barrier for attackers. The vulnerability enables disclosure of sensitive information with SYSTEM-level privileges, which implies that the attacker can read files with the highest level of access on the affected system. Although no known exploits are currently reported in the wild, the CVSS v3.0 base score of 7.5 indicates a high risk due to the combination of network attack vector, no required privileges, no user interaction, and high confidentiality impact. The vulnerability was publicly disclosed on July 7, 2025, and was tracked under ZDI-CAN-24919. No patches or mitigations have been officially released at the time of this report, emphasizing the need for immediate attention by affected organizations.
Potential Impact
For European organizations, the impact of CVE-2025-6799 can be significant, especially for those relying on Marvell QConvergeConsole for network device management or monitoring. The ability for unauthenticated attackers to remotely access sensitive system files can lead to exposure of confidential configuration data, credentials, or other critical information, potentially facilitating further attacks such as lateral movement, privilege escalation, or targeted espionage. Given that the vulnerability operates at SYSTEM privilege level, the confidentiality breach could be extensive. This risk is heightened in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, where unauthorized disclosure could result in regulatory penalties, operational disruption, or reputational damage. Additionally, the vulnerability's network accessibility means attackers can exploit it remotely without needing to be on the internal network, increasing the attack surface. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score and ease of exploitation necessitate urgent remediation to prevent potential future attacks.
Mitigation Recommendations
To mitigate CVE-2025-6799 effectively, European organizations should implement the following specific measures:
1) Immediate inventory and identification of all systems running Marvell QConvergeConsole version 5.5.0.78 to assess exposure.
2) Apply any available vendor patches or updates as soon as they are released; if no patch is available, consider temporary compensating controls such as network segmentation or firewall rules to restrict external access to the QConvergeConsole management interface.
3) Employ strict access control lists (ACLs) to limit which IP addresses or networks can reach the affected service, ideally restricting it to trusted internal management networks.
4) Monitor network traffic and system logs for unusual file access patterns or unauthorized requests targeting the getFileUploadBytes method or related endpoints.
5) Consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block path traversal attempts.
6) Conduct security awareness and incident response drills focused on this vulnerability to ensure rapid detection and response.
7) Evaluate the feasibility of disabling or replacing the vulnerable component if patching is delayed, especially in high-risk environments.
These targeted actions go beyond generic advice by focusing on immediate risk reduction and detection tailored to the vulnerability's characteristics.
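One way to implement the monitoring in measures 4 and 5, as an added example that is not vendor or OffSeq code: each logged path is decoded, resolved against an upload root with Windows path rules, and flagged only if it leaves that root, which is the containment check the description says is missing. The log format, `UPLOAD_ROOT`, the `listAdapters` name and every sample line are constructed assumptions; the page does not give the product's real directory or request format.

```python
import ntpath
import re
from urllib.parse import unquote

# Assumptions (not from the page): upload root and log line layout.
UPLOAD_ROOT = r"C:\app\uploads"
LINE_RE = re.compile(r"^\S+ (?P<src>\S+) method=getFileUploadBytes path=(?P<path>\S+)$")

# Constructed sample log lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    "2025-07-08T09:14:02Z 192.0.2.10 method=getFileUploadBytes path=firmware/update.bin",
    "2025-07-08T09:14:07Z 198.51.100.7 method=getFileUploadBytes path=..%2f..%2fconf%2fusers.xml",
    "2025-07-08T09:14:09Z 198.51.100.7 method=getFileUploadBytes path=%252e%252e%255csecret.txt",
    "2025-07-08T09:14:11Z 198.51.100.7 method=getFileUploadBytes path=D:%5Cbackup%5Cdb.bak",
    "2025-07-08T09:15:30Z 192.0.2.10 method=getFileUploadBytes path=logs/../firmware/notes.txt",
    "2025-07-08T09:16:00Z 192.0.2.11 method=listAdapters path=-",
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(user_path, root=UPLOAD_ROOT):
    """True if user_path, joined to root under Windows rules, resolves outside root."""
    candidate = fully_decode(user_path).replace("/", "\\")
    if "\x00" in candidate:  # embedded NUL is never a legitimate file name
        return True
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(root, candidate)))
    base = ntpath.normcase(ntpath.normpath(root))
    return not (resolved == base or resolved.startswith(base + "\\"))

def flag_requests(lines):
    """Return (source, raw_path) for getFileUploadBytes lines whose path leaves the root."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and escapes_root(m.group("path")):
            hits.append((m.group("src"), m.group("path")))
    return hits

if __name__ == "__main__":
    for src, path in flag_requests(SAMPLE_LOG):
        print(f"ALERT path leaves upload root: src={src} path={path}")
```

Resolving before comparing keeps `logs/../firmware/notes.txt` out of the alerts, where a plain substring match on `..` would flag it, and still catches the drive-letter path that contains no `..` at all.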
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-27T14:57:40.093Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 686bdfa06f40f0eb72ea12b5
Added to database: 7/7/2025, 2:54:24 PM
Last enriched: 7/7/2025, 3:12:36 PM
Last updated: 8/10/2025, 6:02:38 AM
Related Threats
- CVE-2025-4410: CWE-20 Improper Input Validation in Insyde Software InsydeH2O (High)
- CVE-2025-4277: CWE-20 Improper Input Validation in Insyde Software InsydeH2O (High)
- CVE-2025-4276: CWE-20 Improper Input Validation in Insyde Software InsydeH2O (High)
- CVE-2025-54223: Use After Free (CWE-416) in Adobe InCopy (High)
- CVE-2025-54221: Out-of-bounds Write (CWE-787) in Adobe InCopy (High)