CVE-2025-6804: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole
Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressFirmwareDumpFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24924.
AI Analysis
Technical Summary
CVE-2025-6804 is a high-severity security vulnerability classified as CWE-22, indicating an improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This flaw exists in the Marvell QConvergeConsole product, specifically in version 5.5.0.78, within the compressFirmwareDumpFiles method. The vulnerability arises because the application fails to properly validate user-supplied file paths before performing file operations. As a result, a remote attacker can craft malicious requests that traverse directories outside the intended scope, enabling unauthorized access to sensitive files on the system. Notably, exploitation does not require any authentication or user interaction, and the attacker can disclose information with SYSTEM-level privileges, which is the highest level of access on Windows systems. The vulnerability was assigned a CVSS v3.0 base score of 7.5, reflecting its high impact on confidentiality without affecting integrity or availability. Although no public exploits are currently known in the wild, the ease of exploitation and the high privilege context make this a significant threat. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-24924 and published on July 7, 2025. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations.
Potential Impact
For European organizations, the impact of CVE-2025-6804 can be substantial, especially for those relying on Marvell QConvergeConsole for network device management or firmware operations. Since the vulnerability allows unauthenticated remote attackers to disclose sensitive system information at SYSTEM privilege level, it can lead to significant confidentiality breaches. Attackers could potentially access configuration files, credentials, or other sensitive data that could facilitate further attacks such as lateral movement, privilege escalation, or targeted espionage. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, telecommunications, and critical infrastructure. The disclosure of sensitive information could also lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, the vulnerability’s remote and unauthenticated nature increases the attack surface, making it easier for threat actors to exploit without insider access or user interaction. The absence of known exploits in the wild currently provides a window for proactive defense, but the high severity score indicates that exploitation could have serious consequences for confidentiality and organizational security posture.
Mitigation Recommendations
Given the absence of an official patch at this time, European organizations should implement the following specific mitigations:
1) Restrict network access to the Marvell QConvergeConsole management interface by implementing strict firewall rules and network segmentation, limiting exposure to trusted administrative networks only.
2) Employ Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block path traversal patterns in HTTP requests targeting the compressFirmwareDumpFiles endpoint.
3) Conduct thorough logging and monitoring of all access to QConvergeConsole, focusing on anomalous file path requests or unusual access patterns that could indicate exploitation attempts.
4) Temporarily disable or restrict the compressFirmwareDumpFiles functionality if feasible, until a vendor patch is available.
5) Engage with Marvell support channels to obtain any available vendor advisories or beta patches and apply them promptly.
6) Perform regular vulnerability scans and penetration tests focused on path traversal and directory traversal vulnerabilities to identify any residual risks.
7) Educate IT and security teams about this specific vulnerability to ensure rapid detection and response to any suspicious activity related to QConvergeConsole.
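As an added example of the log monitoring and WAF-style detection recommended above (not code from Marvell or from this advisory), the script below scans constructed access-log lines for requests that reach the compressFirmwareDumpFiles endpoint with a parent-directory step, decoding repeatedly so double-encoded and backslash variants are not missed. The URL prefix, the "path" parameter name and the log lines are assumptions; the advisory names only the method.

```python
import re
from urllib.parse import unquote

# Added detection example, not QConvergeConsole code. The advisory names only the
# method (compressFirmwareDumpFiles); the URL prefix, the "path" parameter and the
# constructed log lines below are assumptions for illustration, not real traffic.
ENDPOINT_MARKER = "compressFirmwareDumpFiles"

SAMPLE_LOG = """\
10.0.0.5 - - [07/Jul/2025:14:54:24 +0000] "GET /QConvergeConsole/rest/compressFirmwareDumpFiles?path=dumps/hba0.zip HTTP/1.1" 200 512
198.51.100.7 - - [07/Jul/2025:14:55:01 +0000] "GET /QConvergeConsole/rest/compressFirmwareDumpFiles?path=..%2F..%2Fsome%2Fdir%2Ffile.txt HTTP/1.1" 200 4096
198.51.100.7 - - [07/Jul/2025:14:55:03 +0000] "GET /QConvergeConsole/rest/compressFirmwareDumpFiles?path=%252e%252e%255csome%255cfile.txt HTTP/1.1" 200 1024
10.0.0.9 - - [07/Jul/2025:14:56:10 +0000] "GET /QConvergeConsole/index.html HTTP/1.1" 200 2048
"""

# Method and request target from the quoted request field of a CLF-style line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." segment bounded by a path separator, query delimiter or end of string.
DOTDOT_RE = re.compile(r"(?:^|[/?=&;])\.\.(?:[/?&;]|$)")

def normalize_target(raw: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding) and fold backslashes."""
    value = raw
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(target: str) -> bool:
    """True when the decoded request target contains a parent-directory step."""
    return DOTDOT_RE.search(normalize_target(target)) is not None

def flag_traversal_requests(log_text: str) -> list:
    """One record per request that reaches the endpoint with a traversal pattern."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if ENDPOINT_MARKER in target and has_traversal(target):
            hits.append({"client": line.split()[0], "target": target,
                         "decoded": normalize_target(target)})
    return hits
```

Running flag_traversal_requests(SAMPLE_LOG) returns two records, both from 198.51.100.7; the legitimate dump request and the unrelated page load are not flagged.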
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-27T14:58:10.809Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 686bdfa06f40f0eb72ea12ce
Added to database: 7/7/2025, 2:54:24 PM
Last enriched: 7/7/2025, 3:10:37 PM
Last updated: 8/3/2025, 12:37:28 AM