CVE-2025-62840

CWE-2094 documents4 sources
Severity
7.0HIGH
EPSS
0.0%
top 98.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. HBS 3 Hybrid Backup SyncQnap Hybrid Backup Sync
Timeline
PublishedJan 2

Description

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDqnap/hybrid_backup_sync< 26.2.0.938
CVEListV5qnap_systems_inc./hbs_3_hybrid_backup_sync26.1.x26.2.0.938

🔴Vulnerability Details

2
CVEList
HBS 3 Hybrid Backup Sync2026-01-02
GHSA
GHSA-fxxr-j78f-xmmm: A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync2026-01-02
CVE-2025-62840 (HIGH CVSS 7) | A generation of error message conta | cvebase.io