- Description
- Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- zdi-disclosures@trendmicro.com
- CWE-434
- Hype score
- Not currently trending
CVE-2025-6802 Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co… https://t.co/IxHf6wLTrF
@CVEnew
7 Jul 2025
[CVE-2025-6802: CRITICAL] Vulnerability in Marvell QConvergeConsole allows attackers to execute code remotely. Issue lies in getFileFromURL method allowing arbitrary file upload & code execution.#cve,CVE-2025-6802,#cybersecurity https://t.co/3dTkS5mJy3 https://t.co/7N1OvkVGhz
@CveFindCom
7 Jul 2025
[ZDI-25-464|CVE-2025-6802] (0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability (CVSS 9.8; Credit: Andrea Micalizzi aka rgod (@rgod777)) https://t.co/XbdQM2Gn6Z
@TheZDIBugs
3 Jul 2025