CVE-2025-6800

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to read arbitrary files on systems running Marvell QConvergeConsole. Attackers can exploit a directory traversal flaw in the restoreESwitchConfig method to access sensitive information with SYSTEM privileges. All installations using affected versions are vulnerable.

💻 Affected Systems

Products:
  • Marvell QConvergeConsole
Versions: Not specified in the advisory; likely multiple versions prior to the patch
Operating Systems: Windows (based on SYSTEM context reference)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration of affected versions. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through disclosure of credentials, configuration files, or other sensitive data leading to lateral movement or privilege escalation.

🟠 Likely Case

Information disclosure of configuration files, logs, or other sensitive data stored on the server, potentially exposing credentials or network information.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the vulnerable service.

🌐 Internet-Facing: HIGH - The lack of authentication combined with remote exploitability makes internet-facing instances extremely exposed.
🏢 Internal Only: MEDIUM - Internal-only deployments remain vulnerable but have a reduced attack surface from external threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity, and the absence of any authentication requirement makes weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-459/

Restart Required: Yes

Instructions:

1. Check Marvell security advisories for the specific patch version.
2. Download and apply the latest patch from Marvell.
3. Restart the QConvergeConsole service.
4. Verify that the patch was applied successfully.

🔧 Temporary Workarounds

Network Access Restriction (platform: all)

Restrict network access to QConvergeConsole to trusted IP addresses only.

Use firewall rules to limit access to specific source IPs.

Service Disablement (platform: windows)

Temporarily disable the vulnerable service if it is not critically needed:

sc stop "Marvell QConvergeConsole Service"
sc config "Marvell QConvergeConsole Service" start= disabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy web application firewall with directory traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if Marvell QConvergeConsole is installed and running. Review version against vendor advisory for affected versions.

Check Version:

Check application version through QConvergeConsole interface or installed programs list

Verify Fix Applied:

Verify patch installation through version check and test that directory traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns
  • HTTP requests containing ../ or directory traversal sequences to restoreESwitchConfig endpoint

Network Indicators:

  • HTTP requests with path traversal payloads to QConvergeConsole service

SIEM Query:

source="*qconverge*" AND (uri="*../*" OR uri="*..\\*" OR (method="POST" AND uri="*restoreESwitchConfig*"))
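Added example (not from the advisory or from Marvell): a small Python checker that applies the log indicators above to constructed web-server log lines, percent-decoding repeatedly so that encoded traversal sequences, which a literal `../` match in the SIEM query would miss, are still caught. The log line format, the endpoint path and the `cfg` parameter name are assumptions, not the product's real values.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real QConvergeConsole
# deployment); format: client method uri status. The endpoint path and
# query parameter name are placeholders, not the product's real values.
SAMPLE_LOG = """\
10.0.0.5 POST /QConvergeConsole/restoreESwitchConfig 200
10.0.0.9 POST /QConvergeConsole/restoreESwitchConfig?cfg=..%2F..%2Fsensitive.txt 200
10.0.0.9 GET /QConvergeConsole/restoreESwitchConfig?cfg=..%252F..%252Fsensitive.txt 200
10.0.0.7 GET /QConvergeConsole/static/app.js 200
10.0.0.8 GET /QConvergeConsole/index.html?page=..\\..\\conf 404
"""

LOG_RE = re.compile(r"^(?P<src>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3})$")
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")  # matches ../ and ..\ after decoding

def normalize_uri(uri: str) -> str:
    """Percent-decode until stable so ..%2F and ..%252F both surface as ../."""
    prev = None
    while prev != uri:
        prev, uri = uri, unquote(uri)
    return uri

def classify(line: str):
    """Return (severity, reason) for one log line, or None if benign."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    uri = normalize_uri(m["uri"])
    traversal = bool(TRAVERSAL_RE.search(uri))
    target = "restoreeswitchconfig" in uri.lower()
    if traversal and target:
        return ("high", "traversal sequence sent to restoreESwitchConfig")
    if target and m["method"] == "POST":
        return ("medium", "POST to restoreESwitchConfig (review the caller)")
    if traversal:
        return ("low", "traversal sequence elsewhere in the QConvergeConsole path")
    return None

def scan(log_text: str):
    """Return a list of (line_no, severity, reason) for suspicious lines."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, *verdict))
    return hits
```

Running `scan(SAMPLE_LOG)` flags lines 1, 2, 3 and 5 and leaves the static asset request alone.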
