CVE-2025-6804 is a high-severity security vulnerability classified as CWE-22, indicating an improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This flaw exists in the Marvell QConvergeConsole product, specifically in version 5.5.0.78, within the compressFirmwareDumpFiles method. The vulnerability arises because the application fails to properly validate user-supplied file paths before performing file operations. As a result, a remote attacker can craft malicious requests that traverse directories outside the intended scope, enabling unauthorized access to sensitive files on the system. Notably, exploitation does not require any authentication or user interaction, and the attacker can disclose information with SYSTEM-level privileges, which is the highest level of access on Windows systems. The vulnerability was assigned a CVSS v3.0 base score of 7.5, reflecting its high impact on confidentiality without affecting integrity or availability. Although no public exploits are currently known in the wild, the ease of exploitation and the high privilege context make this a significant threat. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-24924 and published on July 7, 2025. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations.

For European organizations, the impact of CVE-2025-6804 can be substantial, especially for those relying on Marvell QConvergeConsole for network device management or firmware operations. Since the vulnerability allows unauthenticated remote attackers to disclose sensitive system information at SYSTEM privilege level, it can lead to significant confidentiality breaches. Attackers could potentially access configuration files, credentials, or other sensitive data that could facilitate further attacks such as lateral movement, privilege escalation, or targeted espionage. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, telecommunications, and critical infrastructure. The disclosure of sensitive information could also lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, the vulnerability’s remote and unauthenticated nature increases the attack surface, making it easier for threat actors to exploit without insider access or user interaction. The absence of known exploits in the wild currently provides a window for proactive defense, but the high severity score indicates that exploitation could have serious consequences for confidentiality and organizational security posture.

Given the absence of an official patch at this time, European organizations should implement the following specific mitigations: 1) Restrict network access to the Marvell QConvergeConsole management interface by implementing strict firewall rules and network segmentation, limiting exposure to trusted administrative networks only. 2) Employ Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block path traversal patterns in HTTP requests targeting the compressFirmwareDumpFiles endpoint. 3) Conduct thorough logging and monitoring of all access to QConvergeConsole, focusing on anomalous file path requests or unusual access patterns that could indicate exploitation attempts. 4) Temporarily disable or restrict the compressFirmwareDumpFiles functionality if feasible, until a vendor patch is available. 5) Engage with Marvell support channels to obtain any available vendor advisories or beta patches and apply them promptly. 6) Perform regular vulnerability scans and penetration tests focused on path traversal and directory traversal vulnerabilities to identify any residual risks. 7) Educate IT and security teams about this specific vulnerability to ensure rapid detection and response to any suspicious activity related to QConvergeConsole.