CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

July 31, 2025

CVE ID : CVE-2025-8426

Published : July 31, 2025, 6:15 p.m. | 5 hours, 9 minutes ago

Description : Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-26062 – Intelbras RX1500/3000 Unauthenticated Access to Settings File

Next Article CVE-2025-54833 – OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Celebrating GAAD by Committing to Universal Design: Equitable Use

CVE-2025-4187 – UserPro – Community and User Profile WordPress Plugin Directory Traversal Vulnerability

CVE-2025-49753 – Windows Routing and Remote Access Service (RRAS) Heap Buffer Overflow

CVE-2025-54439 – Samsung Electronics MagicINFO 9 Server File Upload Vulnerability

AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

Karakeep is a self-hostable bookmark-everything app

Monitor HTTP Interactions with Laravel’s New Http::record() Method

Rilasciata Grml 2025.08: La Nuova Versione che Celebra 32 anni di Debian

CVE-2025-8426 – Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

Related Posts