CVE-2025-6795
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to perform directory traversal attacks on Marvell QConvergeConsole installations. By exploiting the getFileUploadSize method's improper path validation, attackers can read arbitrary files on the system with SYSTEM privileges. All affected installations are vulnerable without authentication.
💻 Affected Systems
- Marvell QConvergeConsole
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via sensitive file disclosure (passwords, configuration files, private keys) leading to lateral movement, data exfiltration, or further exploitation.
Likely Case
Information disclosure of sensitive system files, potentially exposing credentials, configuration data, or other sensitive information that could enable further attacks.
If Mitigated
Limited impact if proper network segmentation and access controls prevent external access to vulnerable systems.
🎯 Exploit Status
Directory traversal vulnerabilities typically have low exploitation complexity. The ZDI advisory suggests active exploitation is possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Marvell security advisory for specific patched version
Vendor Advisory: https://www.marvell.com/support/security-center.html
Restart Required: Yes
Instructions:
1. Check Marvell security advisory for specific patch version
2. Download and apply the latest QConvergeConsole update from Marvell support portal
3. Restart the QConvergeConsole service
4. Verify the patch is applied successfully
🔧 Temporary Workarounds
Network Access Restriction
Windows: Restrict network access to QConvergeConsole to trusted IP addresses only
Windows Firewall: New-NetFirewallRule -DisplayName 'Block QConvergeConsole External' -Direction Inbound -Protocol TCP -LocalPort [QCC_PORT] -RemoteAddress 'Internet' -Action Block
Web Application Firewall
All platforms: Implement WAF rules to block directory traversal patterns
🧯 If You Can't Patch
- Immediately restrict network access to trusted management networks only
- Monitor logs for directory traversal attempts and file access patterns
🔍 How to Verify
Check if Vulnerable:
Check if QConvergeConsole is running and accessible without authentication. Test with directory traversal payloads to the getFileUploadSize endpoint.
Check Version:
Check QConvergeConsole web interface or installation directory for version information
Verify Fix Applied:
Verify patch version matches or exceeds the fixed version in Marvell advisory. Test that directory traversal attempts no longer succeed.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or directory traversal patterns to getFileUploadSize endpoint
- Unusual file access patterns from web service account
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\, %2e%2e%2f)
- Unusual outbound traffic following file access attempts
SIEM Query:
source='web_logs' AND (uri='*getFileUploadSize*' AND (uri='*../*' OR uri='*..\\*' OR uri='*%2e%2e*'))
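An added detection example, not part of the advisory: it parses sample access-log lines, percent-decodes each URI (including double encoding such as %252e), and flags requests that reach the getFileUploadSize endpoint with a ../ or ..\ sequence, matching what the SIEM query above looks for. The log format, the endpoint path and the "file" parameter name are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). The endpoint path and the
# "file" parameter name are assumptions; adjust both to what your server actually logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2025:10:00:01 +0000] "GET /QConvergeConsole/getFileUploadSize?file=upload.bin HTTP/1.1" 200 45
203.0.113.7 - - [01/Jul/2025:10:00:02 +0000] "GET /QConvergeConsole/getFileUploadSize?file=../../../../Windows/win.ini HTTP/1.1" 200 512
203.0.113.7 - - [01/Jul/2025:10:00:03 +0000] "GET /QConvergeConsole/getFileUploadSize?file=%2e%2e%2f%2e%2e%2fWindows%2fwin.ini HTTP/1.1" 200 512
203.0.113.9 - - [01/Jul/2025:10:00:04 +0000] "GET /QConvergeConsole/getFileUploadSize?file=..%255c..%255cWindows%255cwin.ini HTTP/1.1" 404 0
10.0.0.6 - - [01/Jul/2025:10:00:05 +0000] "GET /QConvergeConsole/index.html?ref=../x HTTP/1.1" 200 100
"""

# Combined-format request line: client address, timestamp, method, URI, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')  # "../" or "..\" in the decoded URI
ENDPOINT = "getfileuploadsize"


def normalize_uri(uri: str, max_passes: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences such as %252e are caught."""
    for _ in range(max_passes):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def find_traversal_attempts(log_text: str) -> list:
    """One record per request that targets the endpoint with a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        uri = normalize_uri(m["uri"])
        if ENDPOINT not in uri.lower() or not TRAVERSAL_RE.search(uri):
            continue
        hits.append({
            "ip": m["ip"], "ts": m["ts"], "uri": uri,
            # A 2xx on a traversal request suggests the file was actually served.
            "likely_disclosure": m["status"].startswith("2"),
        })
    return hits
```

Requests to other paths that merely contain ../ (the index.html line) are ignored, so the output stays focused on the vulnerable endpoint; a hit with likely_disclosure set should be treated as a probable successful file read and escalated.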