Unrated severityNVD Advisory· Published Jan 2, 2026· Updated Jan 5, 2026

HBS 3 Hybrid Backup Sync

CVE-2025-62840

Description

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.

We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

Affected products

Qnap/HBS 3 Hybrid Backup Syncllm-create
Range: <26.2.0.938
QNAP Systems Inc./HBS 3 Hybrid Backup Syncv5
Range: 26.1.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-25-46mitre

News mentions

ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
Zero Day Initiative · Mar 30, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000