Improper Authentication Vulnerability in QNAP Authenticator
CVE-2025-54154

6.9MEDIUM

Key Information:

Vendor: QNAP
Status: Qnap Authenticator
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-54154?

An improper authentication vulnerability has been identified in QNAP Authenticator that allows an attacker with physical access to exploit the system's security. This flaw can lead to unauthorized access and potential compromise of sensitive data. Users are encouraged to update to version 1.3.1.1227 or later to mitigate this risk. For further details, refer to the official security advisory.

Affected Version(s)

QNAP Authenticator 1.3.x < 1.3.1.1227

References

https://www.qnap.com/en/security-advisory/qsa-25-30

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

Andr.Ess

JSON