ByteOS Network

CVE Vulnerability Details :

CVE-2025-62840

PUBLISHED

More Info Official Page

Assigner-qnap

Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f

Published At-02 Jan, 2026 | 15:51

Updated At-05 Jan, 2026 | 20:38

▼CVE Numbering Authority (CNA)

HBS 3 Hybrid Backup Sync

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

Affected Products

Vendor

QNAP Systems, Inc.

Product

HBS 3 Hybrid Backup Sync

Default Status

unaffected

Versions

Affected

From 26.1.x before 26.2.0.938 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-209	CWE-209

Type: CWE

CWE ID: CWE-209

Description: CWE-209

Metrics

Version	Base score	Base severity	Vector
4.0	7.0	HIGH	CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Version: 4.0

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Impacts

CAPEC ID	Description
CAPEC-215	CAPEC-215

CAPEC ID: CAPEC-215

Description: CAPEC-215

Solutions

We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

Credits

finder

Pwn2Own 2025 - Team DDOS

References

Hyperlink	Resource
https://www.qnap.com/en/security-advisory/qsa-25-46	N/A

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-46

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References