Skip to main content

Qconvergeconsole CVE-2025-6803

| EUVDEUVD-2025-20262 HIGH
Path Traversal (CWE-22)
2025-07-07 zdi-disclosures@trendmicro.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20262
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
CVE Published
Jul 07, 2025 - 15:15 nvd
HIGH 7.5

DescriptionCVE.org

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the compressDriverFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24923.

Analysis

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the compressDriverFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24923.

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

CVE-2025-6793 CRITICAL POC
9.4 Jul 07

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulne

CVE-2025-6794 CRITICAL
9.8 Jul 07

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows r

CVE-2020-15645 HIGH POC
8.8 Aug 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConso

CVE-2020-15643 HIGH POC
8.8 Aug 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConso

CVE-2020-5803 HIGH POC
8.1 Dec 18

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbit

CVE-2025-6805 CRITICAL
9.1 Jul 07

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerabilit

CVE-2025-6798 CRITICAL
9.1 Jul 07

Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability all

CVE-2025-6802 CRITICAL
9.8 Jul 07

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability

CVE-2025-6804 HIGH
7.5 Jul 07

Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulner

CVE-2025-6800 HIGH
7.5 Jul 07

Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerabili

CVE-2025-6799 HIGH
7.5 Jul 07

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability

CVE-2025-6797 HIGH
7.5 Jul 07

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability

Share

CVE-2025-6803 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy