CVE-2025-6799
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-07

Last updated on: 2025-07-14

Assigner: Zero Day Initiative

Description
Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24919.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-07
Last Modified
2025-07-14
Generated
2026-05-07
AI Q&A
2025-07-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6799
EUVD
EUVD-2025-20255
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
marvell qconvergeconsole to 5.5.0.85 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6799 is a directory traversal and information disclosure vulnerability in Marvell's QConvergeConsole, specifically in the getFileUploadBytes method. It occurs because the software does not properly validate user-supplied file paths before using them in file operations. This flaw allows remote attackers to access sensitive information without needing authentication or user interaction, with the disclosed data accessible in the context of the SYSTEM user. [1]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing remote attackers to disclose sensitive information from your system running Marvell QConvergeConsole without any authentication. Since the information is accessed with SYSTEM-level privileges, it can lead to significant confidentiality breaches, potentially exposing critical system data. [1]


What immediate steps should I take to mitigate this vulnerability?

The vendor has indicated that QConvergeConsole is no longer supported or recommended, having reached End of Life and End of Support status. No mitigation other than discontinuation of the product is provided. Therefore, the immediate step to mitigate this vulnerability is to discontinue use of Marvell QConvergeConsole and replace it with a supported alternative. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart