Main Vulnerability Database Vulnerabilities #VU116649

#VU116649 Improper access control in QNAP Authenticator - CVE-2025-54154

Published: October 7, 2025

Vulnerability identifier: #VU116649

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-54154

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
QNAP Authenticator

Software vendor:
QNAP Systems, Inc.

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://www.qnap.com/en/security-advisory/qsa-25-30

#VU116649 Improper access control in QNAP Authenticator - CVE-2025-54154

Description

Remediation

External links

Please verify you're human