CVE-2025-62849

✓ Confirmed 0-Day

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.13%

probability

This CVE has a 0.13% probability of being exploited in the next 30 days.

0% Top 31.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89 · SQL Injection CWE-943 · Improper Neutralization of Special Elements in Data Query Logic

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

BleepingComputer Nov 07, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.13%

Mentions 1

Last Seen Nov 07, 2025

CNA Information

Analyst Note

CVE-2025-62849 is explicitly named in a BleepingComputer article titled 'QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own,' confirming exploitation at the Pwn2Own security conference. The patch was released on 2025-10-24, and the article references active exploitation at a live hacking event, establishing zero-day status with exploitation preceding or coinciding with patch availability.

Threat Actors 2

Hacking Team

apt_group 🇮🇹 IT

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026