Security ID : QSA-25-30
Vulnerability in QNAP Authenticator
Release date : October 4, 2025
CVE identifier : CVE-2025-54154
Affected products: QNAP Authenticator 1.3.x
Severity
Moderate
Status
Resolved
Summary
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access to your device, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| QNAP Authenticator 1.3.x | QNAP Authenticator 1.3.1.1227 and later |
Recommendation
To secure your device, we recommend regularly updating your QNAP mobile apps to the latest versions to benefit from vulnerability fixes.
You can check the QNAP Mobile App page to see the latest updates.
Attachment
Acknowledgements: Andr.Ess
Revision History:
V1.0 (October 4, 2025) - Published
