
CVE-2025-6806: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Marvell QConvergeConsole

High
Type: Vulnerability
Tags: CVE-2025-6806, cve, cwe-22
Published: Mon Jul 07 2025 (07/07/2025, 14:51:19 UTC)
Source: CVE Database V5
Vendor/Project: Marvell
Product: QConvergeConsole

Description

Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of SYSTEM. Was ZDI-CAN-24979.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 15:10:01 UTC

Technical Analysis

CVE-2025-6806 is a high-severity path traversal vulnerability affecting Marvell QConvergeConsole version 5.5.0.78. The flaw resides in the decryptFile method, where a user-supplied file path is used in file operations without proper validation. This improper limitation of a pathname to a restricted directory (CWE-22) lets remote attackers write arbitrary files anywhere on the affected system without authentication or user interaction. Because the service runs as SYSTEM, the files created or overwritten carry SYSTEM-level privileges, which can lead to system compromise or disruption. The vulnerability has a CVSS v3.0 score of 8.2, reflecting its ease of exploitation (network vector, no privileges required, no user interaction) and its significant impact on integrity and availability. Although no public exploits are known yet, the absence of authentication combined with a SYSTEM-level file write makes this a critical risk. The vulnerability was reserved and published in mid-2025, so discovery and disclosure are recent. Marvell QConvergeConsole is a management tool for network devices, so a compromised console could facilitate lateral movement or persistent access in enterprise environments.
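The flaw class described above is a file write whose destination comes from the client without being confined to an output directory. The following is an added illustration, not Marvell's code (the decryptFile internals are not on this page): a hypothetical decrypt-to-file handler in Python showing the unsafe join beside a confined version that canonicalizes the path and rejects anything that is not a direct child of the output directory. The base directory, the sample names and the helper names are all assumptions made for the example.

```python
import shutil
import tempfile
from pathlib import Path

class PathEscape(ValueError):
    """Client-supplied name would land outside the decrypt output directory."""

def unsafe_output_path(base_dir: str, client_name: str) -> Path:
    # The CWE-22 pattern: the client string is joined verbatim, so a name
    # such as "../../evil" resolves wherever the service account can write.
    return Path(base_dir) / client_name

def escapes_base(base_dir: str, client_name: str) -> bool:
    """True if the unsafe join lands outside base_dir (what the fix prevents)."""
    base = Path(base_dir).resolve()
    return unsafe_output_path(base_dir, client_name).resolve().parent != base

def confined_output_path(base_dir: str, client_name: str) -> Path:
    """Return base_dir/client_name only if it is a direct child of base_dir."""
    base = Path(base_dir).resolve()
    # A decrypt-to-file endpoint needs a bare file name: reject dot names and
    # anything carrying a separator of either OS family, a colon, or NUL.
    if not client_name or client_name in (".", ".."):
        raise PathEscape(f"empty or dot name: {client_name!r}")
    if any(ch in client_name for ch in "/\\:\x00"):
        raise PathEscape(f"separator or drive character in {client_name!r}")
    candidate = (base / client_name).resolve()
    # Defence in depth: after canonicalisation (symlinks included) the target
    # must still sit directly under the base directory before any write.
    if candidate.parent != base:
        raise PathEscape(f"resolved outside base: {candidate}")
    return candidate

# Constructed sample names (hypothetical); only the first should be accepted.
SAMPLE_NAMES = ["report.bin", "../../evil.txt", "..\\..\\evil.txt",
                "/etc/evil", "C:\\evil", "sub/evil", "..", ""]

def classify(names=SAMPLE_NAMES) -> dict:
    """Map each name to True (accepted) or False (rejected) using a temp dir."""
    base, verdicts = tempfile.mkdtemp(prefix="decrypt_out_"), {}
    try:
        for name in names:
            try:
                confined_output_path(base, name)
                verdicts[name] = True
            except PathEscape:
                verdicts[name] = False
    finally:
        shutil.rmtree(base)
    return verdicts
```

The same containment check belongs in any service that writes to a client-named file, regardless of whether the content is encrypted.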

Potential Impact

For European organizations, this vulnerability poses a substantial risk to network infrastructure security. Since QConvergeConsole is used to manage network devices, exploitation could allow attackers to deploy malicious files or scripts with SYSTEM privileges, potentially disrupting network operations, causing denial of service, or enabling further compromise of critical systems. The lack of authentication requirement broadens the attack surface, allowing external attackers to target exposed management consoles directly. This could impact confidentiality indirectly if attackers use the foothold to access sensitive data or intercept communications. The integrity and availability of network management systems are directly threatened, which could lead to operational outages or manipulation of network configurations. Organizations relying on Marvell QConvergeConsole for device management must consider this vulnerability a priority to avoid potential network-wide impacts.

Mitigation Recommendations

Immediate mitigation should focus on restricting network access to the QConvergeConsole management interface, ideally limiting it to trusted internal networks or VPNs to reduce exposure. Network-level controls such as firewall rules and segmentation can help prevent unauthorized remote access. Since no patches are currently available, organizations should monitor Marvell’s advisories closely for updates. In the interim, administrators should audit and monitor file system changes on systems running QConvergeConsole for suspicious activity. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect and block unauthorized file writes or execution. Additionally, disabling or restricting the decryptFile functionality if configurable, or running the service with the least privileges possible, can reduce impact. Regular backups and incident response plans should be updated to prepare for potential exploitation scenarios.


Technical Details

Data Version
5.1
Assigner Short Name
zdi
Date Reserved
2025-06-27T14:58:19.980Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 686bdfa06f40f0eb72ea12d4

Added to database: 7/7/2025, 2:54:24 PM

Last enriched: 7/7/2025, 3:10:01 PM

Last updated: 8/3/2025, 12:37:28 AM

