CVE-2025-6800
Published: 2025-07-07
CVE-2025-6800: Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
Priority: P349 | Severity: high | CVSS 3.0: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.26% (65.8th percentile)
Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the restoreESwitchConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24920.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marvell | qconvergeconsole | <= 5.5.0.85 | — |
| marvell | qconvergeconsole | — | — |
CVSS provenance
nvd: v3.0, 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cisa: 7.2 HIGH
GHSA
GHSA-hjmc-ppfp-hm7f: Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
ghsa_unreviewed·2025-07-07
CVE-2025-6800 [HIGH] CWE-22 GHSA-hjmc-ppfp-hm7f: Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
CISA
Mitel SIP Phones Argument Injection Vulnerability
cisa·2025-02-12·CVSS 7.2
CVE-2024-41710 [HIGH] CWE-88 Mitel SIP Phones Argument Injection Vulnerability
Vulnerability: Mitel SIP Phones Argument Injection Vulnerability
Affected: Mitel SIP Phones
Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710
Remediation Due Date: 2025-03-05
Suricata
ET WEB_SPECIFIC_APPS Mitel 6800 802.1x Support Command Injection (CVE-2024-41710)
suricata·2025-01-30·CVSS 7.2
CVE-2024-41710 [HIGH] ET WEB_SPECIFIC_APPS Mitel 6800 802.1x Support Command Injection (CVE-2024-41710)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Mitel 6800 802.1x Support Command Injection (CVE-2024-41710)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/8021xsupport.html"; fast_pattern; http.request_body; content:"802|2e|1x|2b|identity|3d|"; pcre:"/^[^\x26]*?\x25(?:\x21d\x28|dt)/R"; reference:url,www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones; reference:cve,2024-41710; classtype:web-application-attack; sid:2059785; rev:1; metadata:affected_product Mitel, attack_target Server, tls_state TLSDecrypt, created_at 2025_01_30, cve CVE_2024_41710, deployment Perimeter, deployment Internal, deploym
Nuclei
Mitel 6000 - OS Command Injection
nuclei·CVSS 6.5
CVE-2025-47188 [MEDIUM] Mitel 6000 - OS Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. This template should be run on port 49249/tcp.
Template:
id: CVE-2025-47188
info:
  name: Mitel 6000 - OS Command Injection
  severity: critical
  author: matejsmycka
  description: |
    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection att
Published: 2025-07-07