Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN778
_____________________________________________________________________

DATE                : 10/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running HBS 3 Hybrid Backup Sync versions
                         prior to 26.2.0.938.

=====================================================================
https://www.qnap.com/en/security-advisory/qsa-25-46
_____________________________________________________________________


Security ID : QSA-25-46
Multiple Vulnerabilities in HBS 3 Hybrid Backup Sync (PWN2ONW 2025)

    Release date : November 8, 2025

    CVE identifier : CVE-2025-62840 | CVE-2025-62842 | ZDI-CAN-28426
| ZDI-CAN-28428

    Affected products: HBS 3 Hybrid Backup Sync 26.1.x and earlier

Severity
Critical

Status
Resolved


Summary

Multiple vulnerabilities have been reported to affect HBS 3 Hybrid
Backup Sync. We have already fixed the vulnerabilities in the
following version:

Affected Product 	Fixed Version
HBS 3 Hybrid Backup Sync 26.1.x and earlier
                      HBS 3 Hybrid Backup Sync 26.2.0.938 and later


Recommendation

To fix the vulnerabilities, we recommend updating HBS 3 Hybrid
Backup Sync to the latest version.


For increased security, we also recommend users to change all
passwords.


Updating HBS 3 Hybrid Backup Sync

    Log on to QTS or QuTS hero as an administrator.
    Open App Center and then click .
    A search box appears.
    Type "HBS 3 Hybrid Backup Sync" and then press ENTER.
    HBS 3 Hybrid Backup Sync appears in the search results.
    Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your HBS 3 Hybrid
Backup Sync is already up to date.
    Click OK.
    The system updates the application.

  

Acknowledgements: Pwn2Own 2025 - Team DDOS

Revision History:
V1.0 (November 8, 2025) - Published



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================