Directory Traversal Information Disclosure in Marvell QConvergeConsole
CVE-2025-6795

7.5HIGH

Key Information:

Vendor: Marvell
Status: Qconvergeconsole
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-6795?

The vulnerability identified in Marvell QConvergeConsole arises from an improper validation of user-supplied paths in the getFileUploadSize method. This oversight allows attackers to exploit the system without requiring authentication, potentially revealing sensitive information on affected installations. The flaw can grant unauthorized access to information in the context of SYSTEM, making it critical for organizations to address this issue promptly to safeguard their data against potential exploits.

Affected Version(s)

QConvergeConsole 5.5.0.78

References

https://www.zerodayinitiative.com/advisories/ZDI-25-455/

x_research-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jun 27, 2025