Directory Traversal and Arbitrary File Deletion in Marvell QConvergeConsole
CVE-2025-6793

9.4CRITICAL

Key Information:

Vendor: Marvell
Status: Qconvergeconsole
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-6793?

The vulnerability in the Marvell QConvergeConsole is caused by insufficient validation of user-supplied paths in the QLogicDownloadImpl class, allowing remote attackers to perform directory traversal. This flaw enables unauthorized file deletion and potential disclosure of sensitive data without requiring authentication, thereby posing significant security risks for affected installations.

Affected Version(s)

QConvergeConsole 5.5.0.78

References

https://www.zerodayinitiative.com/advisories/ZDI-25-450/

x_research-advisory

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.0

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jun 27, 2025