CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6802

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.zerodayinitiative.com/advisories/ZDI-25-464/

Products affected by CVE-2025-6802

Marvell » Qconvergeconsole » Version: N/A

cpe:2.3:a:marvell:qconvergeconsole:-
Marvell » Qconvergeconsole » Version: 5.5.0.74

cpe:2.3:a:marvell:qconvergeconsole:5.5.0.74
Marvell » Qconvergeconsole » Version: 5.5.00.73

cpe:2.3:a:marvell:qconvergeconsole:5.5.00.73
Marvell » Qconvergeconsole » Version: 5.5.00.74

cpe:2.3:a:marvell:qconvergeconsole:5.5.00.74

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6802

Products

Pricing

Contact Us