CVE-2025-54154 MEDIUM

CVE-2025-54154: QNAP Authenticator

Vendor Qnap Systems Inc.
Product QNAP Authenticator
Weakness CWE-287 · Improper authentication
Published October 3, 2025
Last update October 3, 2025

CVSS base score

6.9/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later

Key dates

02Disclosure timeline

October 3, 2025 CVE published
October 3, 2025 Record updated