PT-2025-27270 · Marvell · Marvell QConvergeConsole

Andrea Micalizzi +1 · Published 2025-06-27 · Updated 2025-07-07 · CVE-2025-6802

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. The specific flaw exists within the implementation of the getFileFromURL method, which lacks proper validation of user-supplied data. This allows the upload of arbitrary files, enabling an attacker to execute code in the context of SYSTEM. Authentication is not required to exploit this issue.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the getFileFromURL method until a patch is available. Restrict access to the getFileFromURL method to minimize the risk of exploitation. Avoid using the getFileFromURL method in affected installations until the issue is resolved.

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-6802
ZDI-25-464

Affected Products

Marvell QConvergeConsole