CVE-2025-6794: Marvell QConvergeConsole Directory Traversal Leads to Remote Code Execution

Marvell QConvergeConsole is vulnerable to a directory traversal flaw, allowing unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges. This vulnerability poses a significant risk to systems running the affected software.

Vulnerability Details

  • CVE ID: CVE-2025-6794
  • Description: The saveAsText method in Marvell QConvergeConsole fails to properly validate user-supplied paths, allowing directory traversal. This can be exploited by unauthenticated remote attackers to execute arbitrary code.
  • CVSS Score: 9.8 (Critical)
  • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVSS Explanation: A CVSS score of 9.8 indicates a critical vulnerability. The attack vector is network-based (AV:N), meaning the flaw can be exploited remotely over the network. Attack complexity is low (AC:L), meaning the exploit is relatively easy to execute. No privileges are required (PR:N), and no user interaction is needed (UI:N). The scope is unchanged (S:U), so the impact stays within the affected component's security authority, but the impact on confidentiality (C:H), integrity (I:H), and availability (A:H) is high, allowing full control over the system.
  • Exploit Requirements: No authentication required. The attacker needs network access to the vulnerable service.
  • Affected Vendor: Marvell
  • Affected Product: QConvergeConsole
  • Affected Version: Not specified in the CVE; investigate specific versions to determine whether they are vulnerable.
  • CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE Explanation: CWE-22 describes a vulnerability where an application allows access to files or directories outside of the intended restricted directory by manipulating file paths. This can lead to unauthorized access, information disclosure, or arbitrary code execution.

Timeline of Events

  • 2025-07-07: CVE Published
  • 2025-07-07: Zero Day Initiative advisory released (ZDI-25-454)

Exploitability & Real-World Risk

The lack of authentication makes this vulnerability highly exploitable. An attacker can remotely trigger the directory traversal in the saveAsText method and upload malicious code to arbitrary locations on the file system, ultimately achieving remote code execution. Given the criticality of the affected software (likely used in data centers or enterprise environments), the real-world risk is high. Successful exploitation could lead to data breaches, system compromise, and denial of service.

Recommendations

  • Apply the Patch: Check for and apply the latest security patch from Marvell as soon as it becomes available.
  • Network Segmentation: Implement network segmentation to limit the blast radius of a potential compromise.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and unauthorized access attempts.
  • Principle of Least Privilege: Ensure all system accounts and services operate with the minimum necessary privileges.

Technical Insight

The vulnerability stems from insufficient validation of user-provided file paths within the saveAsText method. Specifically, the application fails to sanitize or normalize the input, allowing attackers to inject sequences such as ../ to navigate up the directory structure and write files to arbitrary locations. This, in turn, enables the attacker to execute arbitrary commands in the context of the SYSTEM user.
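The containment check that this class of flaw lacks, as an added Python sketch (not Marvell's code and not taken from the advisory): a join with no normalization beside a version that normalizes and then verifies the result stays under the base directory. It assumes a Windows host, since the advisory refers to SYSTEM; BASE_DIR, naive_target, safe_target and is_rejected are hypothetical names.

```python
import ntpath  # Windows path semantics as pure string handling, usable on any OS

BASE_DIR = r"C:\app\exports"  # constructed base directory, not from the product


class UnsafePath(ValueError):
    """Raised when a client-supplied name would escape the base directory."""


def naive_target(user_name: str, base: str = BASE_DIR) -> str:
    # Flawed pattern: join and use the result with no normalization or check.
    return ntpath.join(base, user_name)


def safe_target(user_name: str, base: str = BASE_DIR) -> str:
    # Reject NUL bytes, drive letters and alternate-data-stream syntax up front.
    if "\x00" in user_name or ":" in user_name:
        raise UnsafePath("illegal character in name")
    # Windows accepts '/' and '\' as separators, so treat them alike.
    candidate = user_name.replace("/", "\\")
    # Rooted, absolute or UNC input would make join() discard the base.
    if candidate.startswith("\\") or ntpath.isabs(candidate):
        raise UnsafePath("absolute path not allowed")
    # Normalize first (collapses 'a\..\..\b'), then compare against the base.
    base_norm = ntpath.normcase(ntpath.normpath(base))
    full = ntpath.normpath(ntpath.join(base, candidate))
    # The trailing separator stops 'C:\app\exports_evil' matching the prefix.
    if not ntpath.normcase(full).startswith(base_norm + "\\"):
        raise UnsafePath("path escapes base directory")
    return full


def is_rejected(user_name: str) -> bool:
    # Convenience wrapper: True when safe_target refuses the name.
    try:
        safe_target(user_name)
    except UnsafePath:
        return True
    return False
```

The check is lexical only: on a real system the resolved path should also be compared after symlinks and junctions are followed, and the service account should not be able to write outside the export directory.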

Credit to Researcher(s)

Zero Day Initiative

Tags

#CVE-2025-6794 #Marvell #QConvergeConsole #DirectoryTraversal #RCE #ZeroDayInitiative #ZDI-25-454 #SecurityVulnerability

Summary: Marvell QConvergeConsole is susceptible to a critical directory traversal vulnerability (CVE-2025-6794) in the saveAsText method. This flaw allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges due to the lack of proper validation of user-supplied paths, potentially leading to complete system compromise.

CVE ID: CVE-2025-6794

Risk Analysis: Successful exploitation could lead to complete system compromise, including data breaches, service disruption, and the installation of malware. The high CVSS score (9.8) reflects the severity and ease of exploitation. The affected software is likely used in critical environments, making the business impact substantial.

Recommendation: Apply the patch from Marvell as soon as it is available. In the meantime, restrict network access to the QConvergeConsole service to trusted hosts only. Monitor system logs for suspicious activity.

Timeline

  • 2025-07-07: CVE-2025-6794 published
  • 2025-07-07: Zero Day Initiative (ZDI) advisory ZDI-25-454 released
