CVE-2025-6805: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole
Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteEventLogFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24925.
AI Analysis
Technical Summary
CVE-2025-6805 is a high-severity vulnerability affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability is classified as CWE-22, which corresponds to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. The flaw exists in the deleteEventLogFile method, where user-supplied input specifying a file path is not properly validated before being used in file deletion operations. This lack of validation allows an unauthenticated remote attacker to craft malicious requests that traverse directories and delete arbitrary files on the affected system. The deletion occurs with SYSTEM-level privileges, meaning the attacker can remove critical system or application files, potentially causing denial of service or facilitating further attacks by removing logs or security controls. The vulnerability does not require any authentication or user interaction, making it easier to exploit remotely over the network. The CVSS v3.0 base score is 8.2, reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, but high integrity and availability impacts due to arbitrary file deletion. Although no public exploits have been reported yet, the vulnerability was reserved and published in mid-2025 and was tracked by the Zero Day Initiative (ZDI) under ZDI-CAN-24925. The absence of a patch link indicates that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations or workarounds. This vulnerability is particularly dangerous because it can be exploited remotely without authentication, allowing attackers to disrupt operations or cover tracks by deleting logs, which complicates incident response and forensic investigations.
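The missing check described above, as an added example (not Marvell's code and not from the advisory): a handler that joins a caller-supplied name onto a log directory, beside a version that resolves the path and refuses anything outside that directory. The function names and the temporary directory layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(log_dir: Path, name: str) -> Path:
    """Unvalidated pattern: join the caller's string onto the log directory."""
    return Path(os.path.normpath(log_dir / name))


def safe_target(log_dir: Path, name: str) -> Path:
    """Resolve the requested path and refuse anything outside log_dir."""
    if not name or "\x00" in name:
        raise ValueError("empty or malformed file name")
    base = log_dir.resolve(strict=True)
    # Treat "\" as a separator too, so the check is the same on Windows and POSIX.
    candidate = (base / name.replace("\\", "/")).resolve()
    if candidate == base or base not in candidate.parents:
        raise PermissionError(f"outside log directory: {name!r}")
    if not candidate.is_file():
        raise FileNotFoundError(name)
    return candidate


def delete_event_log(log_dir: Path, name: str) -> bool:
    """Delete one log file; return False without deleting when the name is rejected."""
    try:
        safe_target(log_dir, name).unlink()
        return True
    except (ValueError, PermissionError, FileNotFoundError):
        return False


def demo() -> dict:
    """Constructed layout: <tmp>/logs/events.log beside <tmp>/config.ini."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        logs = root / "logs"
        logs.mkdir()
        (logs / "events.log").write_text("constructed sample\n")
        (root / "config.ini").write_text("constructed sample\n")
        results = {
            "naive_escapes": naive_target(logs, "../config.ini") == root / "config.ini",
            "traversal_deleted": delete_event_log(logs, "../config.ini"),
            "absolute_deleted": delete_event_log(logs, str(root / "config.ini")),
            "config_survives": (root / "config.ini").exists(),
            "log_deleted": delete_event_log(logs, "events.log"),
        }
    return results
```

Because the containment test runs on the resolved path, a symlink inside the log directory that points elsewhere is rejected as well.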
Potential Impact
For European organizations using Marvell QConvergeConsole version 5.5.0.78, this vulnerability poses a significant risk. The ability to delete arbitrary files with SYSTEM privileges can lead to service outages, loss of critical data, and disruption of network management or monitoring functions that rely on QConvergeConsole. This could impact sectors such as telecommunications, data centers, and enterprises that use Marvell networking hardware and software for infrastructure management. The deletion of event logs can hinder detection and response efforts, allowing attackers to maintain persistence or escalate attacks undetected. Given the unauthenticated remote exploitability, attackers can launch attacks from outside the network perimeter, increasing the threat surface. The impact on availability and integrity is high, potentially causing operational downtime and data loss. European organizations with regulatory obligations under GDPR and other data protection laws may face compliance issues if the vulnerability leads to data loss or service disruption. Additionally, critical infrastructure providers in Europe could be targeted to cause widespread disruption, given the strategic importance of network management tools.
Mitigation Recommendations
1. Immediate mitigation should include restricting network access to the QConvergeConsole management interface using firewalls or network segmentation to limit exposure to trusted administrators only.
2. Implement strict access control lists (ACLs) and VPN requirements to ensure only authorized personnel can reach the vulnerable service.
3. Monitor network traffic for unusual requests targeting the deleteEventLogFile method or suspicious path traversal patterns.
4. Regularly back up configuration files and logs to enable recovery in case of file deletion.
5. If possible, disable or restrict the deleteEventLogFile functionality until a patch is available.
6. Engage with Marvell support or security advisories to obtain patches or official workarounds as soon as they are released.
7. Conduct thorough audits of system logs and file integrity monitoring to detect any signs of exploitation.
8. Educate network administrators about this vulnerability and ensure incident response plans include scenarios involving arbitrary file deletion attacks.
9. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability.
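One way to implement the monitoring in recommendation 3, as an added example that is not part of the advisory: a log filter that percent-decodes each line until it stops changing, then flags lines that name deleteEventLogFile and carry traversal or absolute-path markers. The advisory does not give the request format, so the log lines, the URL shape and the `file` parameter are constructed and hypothetical.

```python
import re
from urllib.parse import unquote

METHOD = "deleteEventLogFile"  # method name taken from the advisory
# "../" or "..\" anywhere, or a value that ends in ".."
TRAVERSAL = re.compile(r"\.\.[/\\]|[/\\=]\.\.(?=[\s&\"']|$)")
# Drive-letter path, or a parameter value that starts with a separator (absolute/UNC)
ABSOLUTE = re.compile(r"(?<![A-Za-z])[A-Za-z]:[/\\]|=[/\\]")

# Constructed access-log lines; the URL shape and "file" parameter are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jul/2025:14:02:11 +0000] "POST /example/svc?method=deleteEventLogFile&file=events_01.log HTTP/1.1" 200 12',
    '198.51.100.7 - - [07/Jul/2025:14:03:40 +0000] "POST /example/svc?method=deleteEventLogFile&file=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 12',
    '198.51.100.7 - - [07/Jul/2025:14:03:41 +0000] "POST /example/svc?method=deleteEventLogFile&file=%252e%252e%255c%252e%252e%255cplaceholder.txt HTTP/1.1" 200 12',
    '198.51.100.7 - - [07/Jul/2025:14:03:42 +0000] "POST /example/svc?method=deleteEventLogFile&file=C%3A%5Cplaceholder.txt HTTP/1.1" 200 12',
    '10.0.0.5 - - [07/Jul/2025:14:05:00 +0000] "GET /example/svc?method=getEventLogList HTTP/1.1" 200 340',
]


def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(text)
        if decoded == text:
            break
        text, rounds = decoded, rounds + 1
    return text, rounds


def classify(line):
    """Return the reasons a log line is suspicious; an empty list means no finding."""
    decoded, rounds = fully_decode(line)
    if METHOD.lower() not in decoded.lower():
        return []
    reasons = []
    if TRAVERSAL.search(decoded):
        reasons.append("traversal-sequence")
    if ABSOLUTE.search(decoded):
        reasons.append("absolute-path")
    if reasons and rounds > 1:
        reasons.append("multi-encoded")
    return reasons


def scan(lines):
    """Map 1-based line number -> reasons, for flagged lines only."""
    return {n: r for n, line in enumerate(lines, 1) if (r := classify(line))}
```

If the method name travels in a request body rather than the URL, the same `classify` function applies to body captures from a proxy or IDS instead of access-log lines.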
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-27T14:58:15.590Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 686bdfa06f40f0eb72ea12d1
Added to database: 7/7/2025, 2:54:24 PM
Last enriched: 7/7/2025, 3:10:18 PM
Last updated: 8/3/2025, 12:37:28 AM