CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

July 31, 2025

CVE ID : CVE-2025-8426

Published : July 31, 2025, 6:15 p.m. | 5 hours, 9 minutes ago

Description : Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-26062 – Intelbras RX1500/3000 Unauthenticated Access to Settings File

Next Article CVE-2025-54833 – OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Lost in Translation: How to Overcome Miscommunication Between Clients and Business Analysts

Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business

How to prevent your PC from locking automatically on Windows 11

CVE-2025-50150 – Apache HTTP Server Unvalidated URL Parameter

CVE-2025-4117 – Netgear JWNR2000 Buffer Overflow Vulnerability

CVE-2025-5853 – Tenda AC6 Stack-Based Buffer Overflow Vulnerability

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

CVE-2025-21462 – QNAP QTS Memory Corruption Vulnerability

CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

Related Posts