CVE-2025-6794
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-14
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| marvell | qconvergeconsole | up to and including 5.5.0.85 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6794 is a critical remote code execution vulnerability in Marvell's QConvergeConsole product. It arises from improper validation of user-supplied file paths in the saveAsText method, allowing unauthenticated remote attackers to perform directory traversal attacks. This enables attackers to execute arbitrary code with SYSTEM-level privileges on affected systems. [1]
How can this vulnerability impact me?
This vulnerability can allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM-level privileges on your system, potentially leading to full system compromise, data loss, or unauthorized control over affected installations of Marvell QConvergeConsole. [1]
What immediate steps should I take to mitigate this vulnerability?
Since Marvell QConvergeConsole is no longer supported or patched for this vulnerability, the recommended immediate mitigation is to discontinue use of the QConvergeConsole product entirely to eliminate exposure. Avoid running or exposing the vulnerable service to untrusted networks to prevent exploitation. [1]