CVE-2025-6793: Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-6793

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Marvell QConvergeConsole 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Marvell QConvergeConsole是美国Marvell公司的一款跨数据中心的统一适配器管理软件。 Marvell QConvergeConsole存在路径遍历漏洞，该漏洞源于QLogicDownloadImpl类未正确验证用户提供路径，可能导致任意文件删除和信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Marvell	QConvergeConsole	5.5.0.78	-

II. Public POCs for CVE-2025-6793

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-6793

Please Login to view more intelligence information

https://www.zerodayinitiative.com/advisories/ZDI-25-450/x_research-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-6793

IV. Related Vulnerabilities

Same product: QConvergeConsole

Same vendor: Marvell

Same weakness: CWE-22

V. Comments for CVE-2025-6793

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-6793

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-6793

III. Intelligence Information for CVE-2025-6793

IV. Related Vulnerabilities

V. Comments for CVE-2025-6793

Leave a comment