CVE-2025-62847

✓ Confirmed 0-Day

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.09%

probability

This CVE has a 0.09% probability of being exploited in the next 30 days.

0% Top 25.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection CWE-88 · Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

BleepingComputer Nov 07, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.09%

Mentions 1

Last Seen Nov 07, 2025

CNA Information

Analyst Note

CVE-2025-62847 is explicitly named as one of seven zero-day flaws exploited at Pwn2Own according to BleepingComputer. The vulnerability was patched in October 2025 (build 20251024), with the CVE published in December 2025, indicating exploitation preceded public disclosure. Pwn2Own exploitation represents in-the-wild proof of concept against real targets.

Threat Actors 2

Hacking Team

apt_group 🇮🇹 IT

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026