Security ID : QSA-25-30

Vulnerability in QNAP Authenticator

Release date : October 4, 2025
CVE identifier : CVE-2025-54154
Affected products: QNAP Authenticator 1.3.x

Severity

Moderate

Status

Resolved

Summary

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access to your device, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version:

Affected Product	Fixed Version
QNAP Authenticator 1.3.x	QNAP Authenticator 1.3.1.1227 and later

Recommendation

To secure your device, we recommend regularly updating your QNAP mobile apps to the latest versions to benefit from vulnerability fixes.

You can check the QNAP Mobile App page to see the latest updates.

Attachment

CVE-2025-54154.json

Acknowledgements: Andr.Ess

Revision History:
V1.0 (October 4, 2025) - Published

Storage

Networking

Expansion Accessories

Surveillance

NAS

Networking

Surveillance

Summary

Recommendation

Choose Your Country or Region

Asia

Europe

America

Global