CVE-2025-6802 in QConvergeConsoleinfo

Summary

by MITRE • 07/07/2025

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

06/27/2025

Disclosure

07/07/2025

Moderation

accepted

Entry

VDB-314304

CPE

ready

CWE

CWE-434 (confirmed)

CVSS

7.3 (VulDB)

EPSS

0.07700

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-6802
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-6802
CVE Details	https://www.cvedetails.com/cve/CVE-2025-6802/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!