CVE-2025-6797

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to read arbitrary files from Marvell QConvergeConsole installations via directory traversal. The flaw is in the getFileUploadBytes method, which uses a user-supplied path without properly validating it before opening the file; because the service runs as SYSTEM, any file that SYSTEM can read can be disclosed. Every unpatched QConvergeConsole deployment is affected.
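The bug class behind this advisory, shown as an illustrative example added here (this is not Marvell's QConvergeConsole code, and the function names, the upload root and the sample files are assumptions): the first reader joins a user-supplied path to a base directory and opens it, which is the pattern the advisory describes; the second canonicalises the joined path and refuses anything that resolves outside the root, which also catches backslash variants and symlink escapes.

```python
"""Generic path-traversal pattern and its hardened form (illustrative
example; not Marvell's QConvergeConsole code). Function names, the
upload root and the sample files below are assumptions."""
import os
import pathlib
import tempfile


def read_upload_unsafe(upload_root: str, user_path: str) -> bytes:
    """Vulnerable pattern: join the user path to the root and read it.
    '..' segments (and absolute paths) walk out of upload_root."""
    return pathlib.Path(upload_root, user_path).read_bytes()


def read_upload_safe(upload_root: str, user_path: str) -> bytes:
    """Hardened pattern: canonicalise first, then check containment."""
    if "\x00" in user_path:
        raise PermissionError("NUL byte in path")
    # Treat backslashes as separators everywhere so a '..\' probe is
    # caught on POSIX too (a real upload name should never contain one).
    cleaned = user_path.replace("\\", "/")
    if pathlib.PurePosixPath(cleaned).is_absolute():
        raise PermissionError("absolute paths are not allowed")
    root = pathlib.Path(upload_root).resolve()
    # resolve() collapses '..' and follows symlinks, so the containment
    # check sees the real target, not the spelling the client sent.
    target = (root / cleaned).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"path escapes upload root: {user_path!r}")
    return target.read_bytes()


def demo() -> dict:
    """Constructed scenario: one legitimate upload, one secret outside the
    root, and a symlink inside the root that points at that secret."""
    base = pathlib.Path(tempfile.mkdtemp())
    uploads = base / "uploads"
    uploads.mkdir()
    (uploads / "report.txt").write_bytes(b"quarterly report")
    (base / "secret.cfg").write_bytes(b"db_password=hunter2")
    os.symlink(base / "secret.cfg", uploads / "link.cfg")

    def attempt(reader, rel):
        try:
            return reader(str(uploads), rel)
        except PermissionError:
            return "blocked"

    return {
        "unsafe_dotdot": attempt(read_upload_unsafe, "../secret.cfg"),
        "unsafe_symlink": attempt(read_upload_unsafe, "link.cfg"),
        "safe_legit": attempt(read_upload_safe, "report.txt"),
        "safe_dotdot": attempt(read_upload_safe, "../secret.cfg"),
        "safe_backslash": attempt(read_upload_safe, "..\\secret.cfg"),
        "safe_symlink": attempt(read_upload_safe, "link.cfg"),
        "safe_absolute": attempt(read_upload_safe, "/etc/passwd"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} -> {outcome!r}")
```

The containment check runs on the resolved path rather than on the raw string, so it does not depend on spotting every spelling of `..`; a denylist of traversal strings is the kind of "validation" that these advisories keep finding bypassed.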

💻 Affected Systems

Products:
  • Marvell QConvergeConsole
Versions: Not specified in the advisory; treat every release prior to the vendor patch as vulnerable
Operating Systems: Windows (based on SYSTEM context)
Default Config Vulnerable: ⚠️ Yes
Notes: Authentication is not required, so a default installation reachable over the network is exploitable as installed. The SYSTEM execution context indicates Windows hosts.

📦 What is this software?

QConvergeConsole (QCC) is Marvell's web-based management GUI, inherited from QLogic, for configuring and monitoring QLogic/Marvell Fibre Channel and converged network adapters on local and remote servers. It runs as a service with a browser-accessible interface, which is why an unauthenticated, network-reachable file read in it matters.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via disclosure of credentials, configuration files, or other sensitive data leading to lateral movement or full network takeover.

🟠

Likely Case

Information disclosure of configuration files, logs, or credentials stored on the server, potentially enabling further attacks.

🟢

If Mitigated

Limited impact if network segmentation keeps the console off untrusted networks and the host stores no credentials, keys or configuration secrets in files. File-system ACLs alone help little here, because the service reads files as SYSTEM.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal bugs are typically exploitable with a single crafted HTTP request, and the absence of any authentication requirement makes weaponization more likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Marvell advisory for specific patched version

Vendor Advisory: https://www.marvell.com/support/security-advisories.html

Restart Required: Yes

Instructions:

1. Check the Marvell security advisory for the patched version.
2. Download and install the update from the Marvell support portal.
3. Restart the QConvergeConsole service (or the server) so the patched code is loaded.

🔧 Temporary Workarounds

Network Access Control

Applies to: all

Restrict network access to the QConvergeConsole web interface to trusted management hosts or IP ranges only

Web Application Firewall

Applies to: all

Deploy a WAF in front of the console with rules that block directory traversal patterns, including URL-encoded and double-encoded forms (%2e%2e%2f, ..%5c, %252e%252e)

🧯 If You Can't Patch

  • Isolate the vulnerable system in a restricted network segment with no internet access
  • Remove credentials, private keys and configuration secrets from the host wherever possible; NTFS permissions will not stop the read, since the service runs as SYSTEM

🔍 How to Verify

Check if Vulnerable:

Send an HTTP request to the getFileUploadBytes endpoint with a traversal sequence in its file-path parameter. Because the service runs as SYSTEM on Windows, use a Windows target such as ..\..\..\Windows\win.ini (the /etc/passwd example only applies to Linux hosts); a 200 response containing the file's contents confirms the flaw. The advisory does not give the exact URL path or parameter name, so confirm them from your installation before testing.

Check Version:

Check QConvergeConsole web interface or installation directory for version information

Verify Fix Applied:

After patching, retest exploitation attempts; they should return errors or be blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to the getFileUploadBytes endpoint containing ../ or ..\ sequences, including URL-encoded forms (%2e%2e%2f, ..%5c, %252e)
  • The QConvergeConsole service process reading files outside its upload or installation directories

Network Indicators:

  • HTTP requests with path traversal patterns (../, ..\ and their percent-encoded variants) to the vulnerable endpoint, especially repeated attempts from one source

SIEM Query:

source="web_logs" AND uri="*getFileUploadBytes*" AND (uri="*../*" OR uri="*..\*" OR uri="*%2e%2e*" OR uri="*..%2f*" OR uri="*..%5c*")

Adjust the field names to your SIEM. Wildcards on the raw URI miss encodings not listed above; if the log source stores URIs already decoded, the plain ../ and ..\ patterns suffice.
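The log indicators and SIEM query above, implemented as a small detector over access-log lines (example added here; not from the page or from Marvell). It percent-decodes each URI until stable, so double-encoded probes that a wildcard match on the raw URI misses are still flagged, and it folds backslashes into forward slashes so ..%5c is treated like ../. The URL path /QConvergeConsole/getFileUploadBytes, the parameter name file and the log lines are constructed assumptions; set ENDPOINT to what your installation actually logs.

```python
"""Traversal-probe detection over web access logs (example added here,
not from the page or from Marvell). The endpoint path, parameter name
and every log line below are constructed assumptions."""
import re
import urllib.parse
from collections import Counter

ENDPOINT = "getfileuploadbytes"  # matched case-insensitively

# Combined-style access log: client, identd, user, [time], request, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# '..' followed by a separator once decoding is done: ../  ..//  ....//
DOTDOT_RE = re.compile(r"\.\.+/")

# Constructed sample: three probes (plain, backslash-encoded, double-encoded),
# one legitimate request to the endpoint, one traversal against another URL.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2025:12:01:05 +0000] "GET /QConvergeConsole/getFileUploadBytes?file=../../../Windows/win.ini HTTP/1.1" 200 403
203.0.113.7 - - [10/Sep/2025:12:01:06 +0000] "GET /QConvergeConsole/getFileUploadBytes?file=..%5c..%5c..%5cWindows%5cwin.ini HTTP/1.1" 200 403
203.0.113.7 - - [10/Sep/2025:12:01:07 +0000] "GET /QConvergeConsole/getFileUploadBytes?file=%252e%252e%252f%252e%252e%252fWindows%252fwin.ini HTTP/1.1" 200 403
198.51.100.4 - - [10/Sep/2025:12:02:11 +0000] "GET /QConvergeConsole/getFileUploadBytes?file=report.txt HTTP/1.1" 200 1024
198.51.100.4 - - [10/Sep/2025:12:02:12 +0000] "GET /QConvergeConsole/index.html?from=../help HTTP/1.1" 200 5120
"""


def normalize_uri(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e double encoding) and
    fold backslashes into forward slashes so '..\\' is seen as '../'."""
    current = uri
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def is_traversal_probe(uri: str) -> bool:
    """True when the request targets the vulnerable endpoint and carries
    a '..' segment anywhere in the decoded path or query string."""
    norm = normalize_uri(uri)
    path = norm.split("?", 1)[0]
    if ENDPOINT not in path.lower():
        return False
    return DOTDOT_RE.search(norm) is not None


def scan(log_text: str) -> list:
    """One record per suspicious request, carrying the decoded URI so an
    analyst can read the targeted path without decoding it by hand."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal_probe(m["uri"]):
            continue
        hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                     "decoded_uri": normalize_uri(m["uri"])})
    return hits


def probes_by_source(log_text: str) -> Counter:
    """Flagged requests per client address, for triage."""
    return Counter(h["ip"] for h in scan(log_text))


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["decoded_uri"])
    print(probes_by_source(SAMPLE_LOG))
```

The endpoint filter mirrors the SIEM query; drop it (or widen ENDPOINT to a list) to hunt for traversal against any URL on the host, at the cost of more noise from legitimate relative links such as the last sample line.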

🔗 References

  • Marvell security advisories: https://www.marvell.com/support/security-advisories.html
