CVE-2025-6802: CWE-434: Unrestricted Upload of File with Dangerous Type in Marvell QConvergeConsole
Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.
AI Analysis
Technical Summary
CVE-2025-6802 is a critical remote code execution vulnerability affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability arises from improper validation in the getFileFromURL method, which allows an unauthenticated remote attacker to upload arbitrary files without restriction. It is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Because the uploaded files can be crafted to execute arbitrary code, the attacker can achieve SYSTEM-level privileges on the affected system. The vulnerability does not require any authentication or user interaction, making exploitation straightforward if the vulnerable service is exposed. The CVSS v3.0 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation over the network. While no public exploits are currently known, the severity and nature of the flaw make it a significant risk for any organization using the affected version of QConvergeConsole. The lack of patch links suggests that a fix may not yet be publicly available, increasing the urgency for mitigation.
Potential Impact
For European organizations, this vulnerability poses a severe threat, particularly to those in sectors relying on Marvell's QConvergeConsole for network or storage management. Successful exploitation could lead to full system compromise, data breaches, disruption of critical services, and potential lateral movement within networks. Given the SYSTEM-level code execution, attackers could deploy ransomware, steal sensitive data, or disrupt operations. The unauthenticated nature of the exploit increases the risk of automated attacks and worm-like propagation if the vulnerable service is internet-facing or accessible from less secure network segments. This could impact industries such as telecommunications, data centers, and enterprises with Marvell-based infrastructure, potentially leading to significant operational and reputational damage. Additionally, regulatory implications under GDPR could arise if personal data confidentiality is compromised.
Mitigation Recommendations
Immediate mitigation steps include restricting network access to the QConvergeConsole management interface, ideally limiting it to trusted internal networks and VPNs. Organizations should implement strict firewall rules and network segmentation to prevent unauthorized external access. Monitoring network traffic for unusual file upload attempts or unexpected connections to the getFileFromURL endpoint is advised. Since no patch is currently available, consider disabling or restricting the vulnerable functionality if possible. Employ application-layer gateways or web application firewalls (WAFs) to detect and block malicious file upload attempts targeting this vulnerability. Regularly review logs for signs of exploitation attempts. Once a patch is released by Marvell, prioritize prompt testing and deployment. Additionally, conduct thorough audits of affected systems to identify any signs of compromise and ensure backups are current and secure to enable recovery if needed.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-27T14:57:56.094Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 686bdfa06f40f0eb72ea12c8
Added to database: 7/7/2025, 2:54:24 PM
Last enriched: 7/7/2025, 3:11:10 PM
Last updated: 1/7/2026, 8:57:22 AM