CVE-2025-6805 is a high-severity vulnerability affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability is classified as CWE-22, which corresponds to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. The flaw exists in the deleteEventLogFile method, where user-supplied input specifying a file path is not properly validated before being used in file deletion operations. This lack of validation allows an unauthenticated remote attacker to craft malicious requests that traverse directories and delete arbitrary files on the affected system. The deletion occurs with SYSTEM-level privileges, meaning the attacker can remove critical system or application files, potentially causing denial of service or facilitating further attacks by removing logs or security controls. The vulnerability does not require any authentication or user interaction, making it easier to exploit remotely over the network. The CVSS v3.0 base score is 8.2, reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, but high integrity and availability impacts due to arbitrary file deletion. Although no public exploits have been reported yet, the vulnerability was reserved and published in mid-2025 and was tracked by the Zero Day Initiative (ZDI) under ZDI-CAN-24925. The absence of a patch link indicates that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations or workarounds. This vulnerability is particularly dangerous because it can be exploited remotely without authentication, allowing attackers to disrupt operations or cover tracks by deleting logs, which complicates incident response and forensic investigations.

For European organizations using Marvell QConvergeConsole version 5.5.0.78, this vulnerability poses a significant risk. The ability to delete arbitrary files with SYSTEM privileges can lead to service outages, loss of critical data, and disruption of network management or monitoring functions that rely on QConvergeConsole. This could impact sectors such as telecommunications, data centers, and enterprises that use Marvell networking hardware and software for infrastructure management. The deletion of event logs can hinder detection and response efforts, allowing attackers to maintain persistence or escalate attacks undetected. Given the unauthenticated remote exploitability, attackers can launch attacks from outside the network perimeter, increasing the threat surface. The impact on availability and integrity is high, potentially causing operational downtime and data loss. European organizations with regulatory obligations under GDPR and other data protection laws may face compliance issues if the vulnerability leads to data loss or service disruption. Additionally, critical infrastructure providers in Europe could be targeted to cause widespread disruption, given the strategic importance of network management tools.

1. Immediate mitigation should include restricting network access to the QConvergeConsole management interface using firewalls or network segmentation to limit exposure to trusted administrators only. 2. Implement strict access control lists (ACLs) and VPN requirements to ensure only authorized personnel can reach the vulnerable service. 3. Monitor network traffic for unusual requests targeting the deleteEventLogFile method or suspicious path traversal patterns. 4. Regularly back up configuration files and logs to enable recovery in case of file deletion. 5. If possible, disable or restrict the deleteEventLogFile functionality until a patch is available. 6. Engage with Marvell support or security advisories to obtain patches or official workarounds as soon as they are released. 7. Conduct thorough audits of system logs and file integrity monitoring to detect any signs of exploitation. 8. Educate network administrators about this vulnerability and ensure incident response plans include scenarios involving arbitrary file deletion attacks. 9. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability.