CVE-2025-6798
published 2025-07-07CVE-2025-6798: Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete…
PriorityP264critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
1.35%
68.0th percentile
Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24918.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.0.0 < 5.4.301 | 5.4.301 |
| linux | linux_kernel | >= 5.11.0 < 5.15.195 | 5.15.195 |
| linux | linux_kernel | >= 5.16.0 < 6.1.156 | 6.1.156 |
| linux | linux_kernel | >= 5.5.0 < 5.10.246 | 5.10.246 |
| linux | linux_kernel | >= 6.13.0 < 6.17.3 | 6.17.3 |
| linux | linux_kernel | >= 6.2.0 < 6.6.112 | 6.6.112 |
| linux | linux_kernel | >= 6.7.0 < 6.12.53 | 6.12.53 |
| marvell | qconvergeconsole | <= 5.5.0.85 | — |
| marvell | qconvergeconsole | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
vendor_redhat4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
dm: fix NULL pointer dereference in __dm_suspend()
osv·2025-11-12
CVE-2025-40134 dm: fix NULL pointer dereference in __dm_suspend()
dm: fix NULL pointer dereference in __dm_suspend()
In the Linux kernel, the following vulnerability has been resolved:
dm: fix NULL pointer dereference in __dm_suspend()
There is a race condition between dm device suspend and table load that
can lead to null pointer dereference. The issue occurs when suspend is
invoked before table load completes:
BUG: kernel NULL pointer dereference, address: 0000000000000054
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
RIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50
Call Trace:
blk_mq_quiesce_queue+0x2c/0x50
dm_stop_queue+0xd/0x20
__dm_suspend+0x130/0x330
dm_suspend+0x11a/0x180
dev_suspend+0x27e/0x560
ctl_ioctl+0x4cf
GHSA
GHSA-772w-6r32-pmgr: Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability
ghsa_unreviewed·2025-07-07
CVE-2025-6798 [HIGH] CWE-22 GHSA-772w-6r32-pmgr: Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability
Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24918.
Red Hat
kernel: dm: fix NULL pointer dereference in __dm_suspend()
vendor_redhat·2025-11-12·CVSS 4.7
CVE-2025-40134 [MEDIUM] CWE-476 kernel: dm: fix NULL pointer dereference in __dm_suspend()
kernel: dm: fix NULL pointer dereference in __dm_suspend()
In the Linux kernel, the following vulnerability has been resolved:
dm: fix NULL pointer dereference in __dm_suspend()
There is a race condition between dm device suspend and table load that
can lead to null pointer dereference. The issue occurs when suspend is
invoked before table load completes:
BUG: kernel NULL pointer dereference, address: 0000000000000054
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
RIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50
Call Trace:
blk_mq_quiesce_queue+0x2c/0x50
dm_stop_queue+0xd/0x20
__dm_suspend+0x130/0x330
dm_suspend+0x11a/0x180
dev_suspend+0x27e/0x560
ctl_ioctl+
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-07
Published