What is the CVSS score of EUVD-2025-32454?

EUVD-2025-32454 has a CVSS 3.1 base score of 6.8 (Medium). CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Authenticator are affected by EUVD-2025-32454?

Organizations using An improper authentication vulnerability should be aware of notable risk from CVE-2025-54154, a improper authentication vulnerability rated CVSS 6.8.. A patch is available.

How to fix or mitigate EUVD-2025-32454?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

Authenticator EUVD-2025-32454

| CVE-2025-54154 MEDIUM

Improper Authentication (CWE-287)

2025-10-03 security@qnapsecurity.com.tw

Authentication Bypass Qnap Authenticator

6.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.8 MEDIUM

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.3.1.1227

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32454

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

CVE Published

Oct 03, 2025 - 19:15 nvd

MEDIUM 6.8

DescriptionCVE.org

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later

Analysis

We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

EUVD-2025-32454 vulnerability details – vuln.today

Back

Authenticator EUVD-2025-32454

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code