QNAP Authenticator_CVE-2025-54154

6.9 / 10

MEDIUM

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version:
QNAP Authenticator 1.3.1.1227 and later

Basic Information

ID CVE-2025-54154

Source qnap

Published Oct 3, 2025 at 18:15

Affected Product

Vendor QNAP Systems Inc.

Product QNAP Authenticator

Version 1.3.x

Affected Versions QNAP Systems Inc. QNAP Authenticator 1.3.x

CWE Classification

CWE-287

References

www.qnap.com /en/security-advisory/qsa-25-30

{
    "lastseen": "",
    "description": "An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQNAP Authenticator 1.3.1.1227 and later",
    "published": "2025-10-03T18:15:05.561Z",
    "modified": "2025-10-03T18:15:05.561Z",
    "type": "cve",
    "title": "QNAP Authenticator",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-30",
    "id": "CVE-2025-54154",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. QNAP Authenticator 1.3.x",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QNAP Authenticator",
    "version": "1.3.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}