Security ID : QSA-25-48
Multiple Vulnerabilities in Hyper Data Protector (PWN2OWN 2025)
Release date : November 8, 2025
CVE identifier : CVE-2025-59389 | ZDI-CAN-28475 | CVE-2025-59388 | ZDI-CAN-28358
Affected products: Hyper Data Protector 2.2.x
Severity : Critical
Status : Resolved
Summary
Multiple vulnerabilities have been reported to affect Hyper Data Protector.
- CVE-2025-59389: If exploited, the SQL injection vulnerability allows remote attackers to execute unauthorized code or commands.
- CVE-2025-59388: If exploited, the use of hard-coded password vulnerability allows remote attackers to gain unauthorized access.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| --- | --- |
| Hyper Data Protector 2.2.x | Hyper Data Protector 2.3.1.455 and later |
Recommendation
To fix the vulnerabilities, we recommend updating Hyper Data Protector to the latest version.
Updating Hyper Data Protector
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click the search icon.
  A search box appears.
- Type "Hyper Data Protector" and then press ENTER.
  Hyper Data Protector appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Hyper Data Protector is already up to date.
- Click OK.
  The system updates the application.
Acknowledgements: Pwn2Own 2025 - Summoning Team
Revision History:
V1.0 (November 8, 2025) - Published
V1.1 (January 3, 2026) - Added more details
V1.2 (March 12, 2026) - Updated ZDI IDs