CVE-2025-6806: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of SYSTEM. Was ZDI-CAN-24979.
AI Analysis
Technical Summary
CVE-2025-6806 is a high-severity path traversal vulnerability affecting Marvell QConvergeConsole version 5.5.0.78. The flaw resides in the decryptFile method, where user-supplied file paths are not properly validated before being used in file operations. This improper limitation of a pathname to a restricted directory (CWE-22) enables remote attackers to write arbitrary files anywhere on the affected system without requiring authentication or user interaction. Exploitation allows attackers to create or overwrite files with SYSTEM-level privileges, potentially leading to system compromise or disruption. The vulnerability has a CVSS v3.0 score of 8.2, reflecting its ease of exploitation (network vector, no privileges required, no user interaction) and significant impact on availability and integrity. Although no known public exploits are reported yet, the lack of authentication and the ability to write files as SYSTEM make this a critical risk. The vulnerability was reserved and published in mid-2025, indicating recent discovery and disclosure. Marvell QConvergeConsole is a network management tool used primarily for managing network devices, so compromise could facilitate lateral movement or persistent access in enterprise environments.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to network infrastructure security. Since QConvergeConsole is used to manage network devices, exploitation could allow attackers to deploy malicious files or scripts with SYSTEM privileges, potentially disrupting network operations, causing denial of service, or enabling further compromise of critical systems. The lack of authentication requirement broadens the attack surface, allowing external attackers to target exposed management consoles directly. This could impact confidentiality indirectly if attackers use the foothold to access sensitive data or intercept communications. The integrity and availability of network management systems are directly threatened, which could lead to operational outages or manipulation of network configurations. Organizations relying on Marvell QConvergeConsole for device management must consider this vulnerability a priority to avoid potential network-wide impacts.
Mitigation Recommendations
Immediate mitigation should focus on restricting network access to the QConvergeConsole management interface, ideally limiting it to trusted internal networks or VPNs to reduce exposure. Network-level controls such as firewall rules and segmentation can help prevent unauthorized remote access. Since no patches are currently available, organizations should monitor Marvell’s advisories closely for updates. In the interim, administrators should audit and monitor file system changes on systems running QConvergeConsole for suspicious activity. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect and block unauthorized file writes or execution. Additionally, disabling or restricting the decryptFile functionality if configurable, or running the service with the least privileges possible, can reduce impact. Regular backups and incident response plans should be updated to prepare for potential exploitation scenarios.
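As an added illustration, not code from the advisory or from Marvell, the following Python shows the path-containment check that a decryptFile-style routine must perform before writing output (the check the Technical Summary says is missing), exercised against constructed sample paths. It assumes the caller already holds the decrypted bytes and a configured output directory; the function and sample names are hypothetical.

```python
import tempfile
from pathlib import Path

class PathTraversalError(ValueError):
    """Requested output path would land outside the restricted directory."""

def resolve_within(base_dir: str, user_path: str) -> Path:
    """Canonicalise user_path under base_dir and refuse anything that escapes it.

    Treat backslashes as separators (the product runs as SYSTEM on Windows),
    reject absolute and drive-letter paths, resolve '..' and symlinks, then
    confirm the result is a descendant of base_dir (never base_dir itself).
    """
    base = Path(base_dir).resolve()
    normalised = user_path.replace("\\", "/")
    if normalised.startswith("/") or (len(normalised) > 1 and normalised[1] == ":"):
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    target = (base / normalised).resolve()
    if base not in target.parents:
        raise PathTraversalError(f"escapes {base}: {user_path!r}")
    return target

def save_output(base_dir: str, user_path: str, data: bytes) -> Path:
    """Write already-decrypted bytes only to a validated location inside base_dir."""
    target = resolve_within(base_dir, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target

# Constructed sample inputs: the first three are legitimate relative names,
# the rest are the traversal shapes CWE-22 covers.
SAMPLE_INPUTS = [
    "report.txt", "nested/dir/out.bin", "sub/../report2.txt",
    "../../evil.txt", "..\\..\\evil.txt", "/etc/evil", "C:\\Windows\\evil.dll",
]

def demo_results() -> dict:
    """Run every sample through save_output in a throwaway directory."""
    outcome = {}
    with tempfile.TemporaryDirectory() as base:
        for name in SAMPLE_INPUTS:
            try:
                save_output(base, name, b"decrypted payload")
                outcome[name] = "written"
            except PathTraversalError:
                outcome[name] = "rejected"
    return outcome

if __name__ == "__main__":
    for name, result in demo_results().items():
        print(f"{result:8} {name}")
```

The check deliberately rejects the base directory itself and empty names, since a decrypt routine should only ever produce a file strictly below its output root.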
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-27T14:58:19.980Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 686bdfa06f40f0eb72ea12d4
Added to database: 7/7/2025, 2:54:24 PM
Last enriched: 7/7/2025, 3:10:01 PM
Last updated: 8/9/2025, 6:33:38 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)