CVE-2025-6802
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to upload arbitrary files to Marvell QConvergeConsole servers, leading to remote code execution with SYSTEM privileges. All installations of affected Marvell QConvergeConsole versions are vulnerable. Attackers can exploit this without any authentication.
💻 Affected Systems
- Marvell QConvergeConsole
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges, allowing attackers to install malware, steal data, pivot to other systems, or disrupt operations.
Likely Case
Remote code execution leading to ransomware deployment, data exfiltration, or creation of persistent backdoors.
If Mitigated
If the system is properly segmented and monitored, impact is limited to the affected system, and exploitation attempts are detected.
🎯 Exploit Status
Unrestricted file upload to RCE is a common attack pattern with readily available exploit techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Marvell security advisory for specific patched versions
Vendor Advisory: https://www.marvell.com/support/security-advisories.html
Restart Required: Yes
Instructions:
1. Check Marvell security advisory for patched version
2. Download and install the patched version from Marvell support portal
3. Restart the QConvergeConsole service
4. Verify the patch is applied
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to QConvergeConsole to trusted management networks only.
Use firewall rules to block external access to QConvergeConsole ports.
Web Application Firewall
Deploy a WAF with file upload restrictions and RCE protection rules.
🧯 If You Can't Patch
- Immediately isolate affected systems from internet and untrusted networks
- Implement strict network monitoring and alerting for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check QConvergeConsole version against Marvell's patched version list in security advisory
Check Version:
Check QConvergeConsole web interface or installation directory for version information
Verify Fix Applied:
Verify installed version matches patched version from Marvell advisory and test file upload functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to QConvergeConsole
- GET/POST requests to getFileFromURL endpoint with file parameters
- Execution of unexpected processes by QConvergeConsole service
Network Indicators:
- HTTP requests to QConvergeConsole with file upload patterns from unexpected sources
- Outbound connections from QConvergeConsole to suspicious destinations
SIEM Query:
source="qconvergeconsole" AND (url="*getFileFromURL*" OR (method="POST" AND uri="*upload*"))
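
The log indicators above can also be checked offline against a web access log. The following is an added example, not taken from the Marvell advisory or from QConvergeConsole itself. It assumes requests are logged in common/combined access-log format; the trusted subnet, the sample lines and the paths in them are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: common/combined access-log format (client, timestamp, request, status).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: placeholder management subnet; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or junk in the client field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def classify(line):
    """Return an alert dict for a line matching the indicators, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Normalise the request path before matching (drop query, decode, lowercase).
    path = unquote(urlsplit(m["target"]).path).lower()
    hit_endpoint = "getfilefromurl" in path
    hit_upload = m["method"] == "POST" and "upload" in path
    if not (hit_endpoint or hit_upload):
        return None
    return {
        "src": m["src"], "time": m["ts"], "method": m["method"],
        "path": path, "status": int(m["status"]),
        "rule": "getFileFromURL" if hit_endpoint else "POST upload",
        "severity": "low" if is_trusted(m["src"]) else "high",
    }

def scan(lines):
    return [alert for alert in map(classify, lines) if alert]

# Constructed sample lines (not real traffic); paths are illustrative only.
SAMPLE = [
    '10.20.0.15 - - [01/Jul/2025:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jul/2025:09:13:44 +0000] "POST /app/getFileFromURL?x=1 HTTP/1.1" 200 64',
    '10.20.0.15 - - [01/Jul/2025:09:14:02 +0000] "GET /app/getFileFromURL HTTP/1.1" 200 64',
    '198.51.100.9 - - [01/Jul/2025:09:15:30 +0000] "POST /app/uploadFirmware HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Requests from outside the trusted subnet are rated high because the workarounds above assume only management networks can reach the console.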