Is CVE-2025-62842 actively exploited?

CVE-2025-62842 has no public evidence of in-the-wild exploitation as of 2026-02-05.

What is the CVSS score for CVE-2025-62842?

CVE-2025-62842 has a CVSS score of 7 (HIGH severity). Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

How do I patch CVE-2025-62842?

Patch guidance is available from qnap security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-62842.

Which products are affected by CVE-2025-62842?

1 product: qnap hybrid backup sync.

Fix CVE-2025-62842 - HIGH qnap hybrid backup sync

Description

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later

CVSS Metrics

Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: physical
Complexity: low
Privileges: none
User Action: none
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-73

Metadata

Primary Vendor: QNAP
Published: 1/2/2026
Last Modified: 2/5/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2025-62842

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary