cbcvebase.
CVE-2025-6793
published 2025-07-07

CVE-2025-6793: Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Priority: P178
Severity: critical, 9.4 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Exploit: public Metasploit module available
EPSS: 12.28% (95.7th percentile)
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Affected (2 ranges)

Vendor    Product            Version range    Fixed in
marvell   qconvergeconsole   <= 5.5.0.85      (none listed)
marvell   qconvergeconsole   (none listed)    (none listed)

Detection & IOCs (extracted from sources)

path: modules/auxiliary/gather/qconvergeconsole_traversal.rb
other: ZDI-25-450
other: ZDI-CAN-24912
  • The vulnerability exists in the QLogicDownloadImpl class; monitor HTTP requests targeting this class for path traversal sequences (e.g., '../') in user-supplied path parameters.
  • No authentication is required to exploit this vulnerability; unauthenticated requests to QConvergeConsole endpoints involving file operations should be treated as suspicious.
  • Exploitation results in both arbitrary file read AND deletion from the remote server; correlate unexpected file disappearances on QConvergeConsole hosts with inbound unauthenticated requests.
  • Affected versions are QConvergeConsole 5.5.0.85 and earlier; identify and prioritize patching or network-isolating hosts running these versions.
  • A public Metasploit auxiliary module (gather/qconvergeconsole_traversal) is available; expect automated exploitation attempts against internet-exposed QConvergeConsole instances.
  • Exploitation runs in the context of SYSTEM; any file read/delete activity from the QConvergeConsole process should be audited for sensitive system files (e.g., SAM, shadow, configuration files).
  • The Metasploit module is classified as Auxiliary (gather), not an exploit — it performs file retrieval (and incidental deletion) rather than code execution.
  • File retrieval via exploitation is destructive: the retrieved file is simultaneously deleted from the remote server, meaning exploitation leaves a forensic gap on the victim host.
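To make the first detection bullet actionable, here is an added example (not from this page, the ZDI advisory, or the Metasploit module) that scans web-server access logs for traversal sequences, including percent-encoded and double-encoded forms, in requests that name the QLogicDownloadImpl class. The log lines are constructed, and the URI layout (a path containing the class name plus a `file` query parameter) is an assumption; adjust `TARGET_CLASS` and the log regex to match the real deployment.

```python
"""Flag path-traversal attempts against QLogicDownloadImpl in HTTP access logs.

Added example for CVE-2025-6793 detection; not code from the page or from Marvell.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Common Log Format: ip ident user [time] "METHOD uri proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the vulnerable servlet is addressed by a URI containing the class name.
TARGET_CLASS = "QLogicDownloadImpl"

# ".." followed by a separator (backslashes are normalised to "/" before matching).
TRAVERSAL = re.compile(r'\.\.(?:/|$)')

# Constructed sample log; these requests and hosts are made up for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jul/2025:10:01:02 +0000] "GET /QConvergeConsole/QLogicDownloadImpl?file=report.log HTTP/1.1" 200 512
10.0.0.9 - - [07/Jul/2025:10:01:07 +0000] "GET /QConvergeConsole/QLogicDownloadImpl?file=..%2F..%2F..%2Fconfig%2Fsettings.ini HTTP/1.1" 200 4096
10.0.0.9 - - [07/Jul/2025:10:01:09 +0000] "GET /QConvergeConsole/QLogicDownloadImpl?file=%252e%252e%255c%252e%252e%255cboot.ini HTTP/1.1" 200 128
10.0.0.7 - - [07/Jul/2025:10:02:11 +0000] "GET /QConvergeConsole/static/app.js HTTP/1.1" 200 2048
10.0.0.8 - - [07/Jul/2025:10:02:15 +0000] "GET /other/app?file=../../etc/passwd HTTP/1.1" 404 0
"""


@dataclass
class Finding:
    ip: str
    timestamp: str
    uri: str
    decoded: str
    hits_target: bool   # request names the vulnerable class
    status: int
    severity: str       # "high" when traversal + target class, else "low"


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(uri: str) -> bool:
    """True if the decoded path or query string contains a '..' segment."""
    decoded = fully_decode(uri).replace("\\", "/")
    return TRAVERSAL.search(decoded) is not None


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per request whose URI carries a traversal sequence."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        uri = m.group("uri")
        if not has_traversal(uri):
            continue
        hits = TARGET_CLASS in uri
        findings.append(Finding(
            ip=m.group("ip"),
            timestamp=m.group("ts"),
            uri=uri,
            decoded=fully_decode(uri),
            hits_target=hits,
            status=int(m.group("status")),
            severity="high" if hits else "low",
        ))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.timestamp} {f.ip} status={f.status} -> {f.decoded}")
```

A 200 response on a `high` finding is the case worth escalating: per the bullets above, a successful request both discloses and deletes the file, so pair the alert with a file-integrity check on the host. The decoder stops after three rounds, which covers single and double encoding without looping on pathological input.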