CVE•Published 2025-07-07•1 article on news•6 live references•NVD data

CVE-2025-6793

Vulnerability data via CVEDB (Shodan)

CVSS v3.1

9.4

CRITICAL

EPSS percentile

Exploit Prediction Scoring System · top 4% of all CVEs

Description

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Timeline

Published 2025-07-07

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2025-6793

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Marvell Qconvergeconsole"

All exposed Marvell Qconvergeconsole instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Qconvergeconsole"

HTTP body or banner mentions "Qconvergeconsole" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2025-6793