CVE-2025-62840

Summary

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.

We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.HBS 3 Hybrid Backup Sync26.1.x < 26.2.0.938affected

Weaknesses

  • CWE-209: CWE-209

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References