HBS 3 Hybrid Backup Sync_CVE-2025-62842

7 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.

We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later

Basic Information

ID CVE-2025-62842

Source qnap

Published Jan 2, 2026 at 15:51

Affected Product

Vendor QNAP Systems Inc.

Product HBS 3 Hybrid Backup Sync

Version 26.1.x

Affected Versions QNAP Systems Inc. HBS 3 Hybrid Backup Sync 26.1.x

CWE Classification

CWE-73

References

www.qnap.com /en/security-advisory/qsa-25-46

{
    "lastseen": "",
    "description": "An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 26.2.0.938 and later",
    "published": "2026-01-02T15:51:40.904Z",
    "modified": "2026-01-02T15:51:40.904Z",
    "type": "cve",
    "title": "HBS 3 Hybrid Backup Sync",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-46",
    "id": "CVE-2025-62842",
    "bulletinFamily": "",
    "cwe": [
        "CWE-73"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. HBS 3 Hybrid Backup Sync 26.1.x",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HBS 3 Hybrid Backup Sync",
    "version": "26.1.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}