
Overview

  • Marvell
  • QConvergeConsole

Published: 07 Jul 2025
Updated: 07 Jul 2025

CVSS v3.0: CRITICAL (9.4)
EPSS: 87.03%

KEV

Description

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse

The ultimate persistence mechanism is here: Vim plugin persistence! Seriously, who can close Vim anyway?

Catch up on the latest Metasploit Wrap-up, also featuring Unauthenticated Marvell QConvergeConsole Path Traversal (CVE-2025-6793), Authenticated RCE in GestioIP 3.5.7 (CVE-2024-48760), and a classic PHP filter bypass in Dolibarr ERP/CRM (CVE-2023-30253).

As always, check out the blog: rapid7.com/blog/post/pt-metasp

Overview

  • Pending

Published: 29 May 2023
Updated: 14 Jan 2025

CVSS: Pending
EPSS: 90.43%

KEV

Description

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Overview

  • Pending

Published: 14 Jan 2025
Updated: 23 Jan 2025

CVSS: Pending
EPSS: 66.58%

KEV

Description

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago
