CVE-2025-6793

🗓️ 07 Jul 2025 14:50:28Reported by zdiType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 22 Views🌐 WEB

Marvell QConvergeConsole vulnerability allows remote file deletion and information disclosure without authentication

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2025-6793	7 Jul 202514:50	–	attackerkb
Circl	CVE-2025-6793	27 Jun 202503:00	–	circl
CNNVD	Marvell QConvergeConsole 路径遍历漏洞	7 Jul 202500:00	–	cnnvd
CNVD	Marvell QConvergeConsole Trail Traversal Vulnerability (CNVD-2025-20450)	11 Jul 202500:00	–	cnvd
Cvelist	CVE-2025-6793 Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability	7 Jul 202514:50	–	cvelist
EUVD	EUVD-2025-20260	7 Jul 202514:50	–	euvd
Metasploit	Marvell QConvergeConsole Path Traversal (CVE-2025-6793)	11 May 202619:03	–	metasploit
NVD	CVE-2025-6793	7 Jul 202515:15	–	nvd
OSV	CVE-2025-6793	7 Jul 202515:15	–	osv
Positive Technologies	PT-2025-27261	27 Jun 202500:00	–	ptsecurity

NVD

Vulners

Node

marvell qconvergeconsoleRange≤5.5.0.85

[
  {
    "vendor": "Marvell",
    "product": "QConvergeConsole",
    "versions": [
      {
        "version": "5.5.0.78",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-25-450/

Parameter	Position	Path	Description	CWE
folder	query param	QConvergeConsole/com.qlogic.qms.hba.gwt.Main/QLogicDownloadServlet	Path traversal endpoint to read arbitrary files via folder/file parameters	CWE-22
file	query param	QConvergeConsole/com.qlogic.qms.hba.gwt.Main/QLogicDownloadServlet	Path traversal endpoint to read arbitrary files via folder/file parameters	CWE-22

14 Jul 2025 17:16Current

9High risk

Vulners AI Score9

CVSS 39.4

EPSS0.87779

SSVC

CWE-22