IronMonkey Threat Research

CVE-2025-54821 MEDIUM

Published: 2025-11-18 | Last Modified: 2026-06-09 | Status: Modified

Description

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via a crafted CLI command.

CVSS Metrics

Base Score: 6.0 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 5.2

Weaknesses

Source              Type       Description
[email protected]   Secondary  CWE-269 (en)

Affected Products

Vendor    Product     Version  Update  Type
fortinet  fortiproxy  *        -       Application
fortinet  fortipam    *        -       Operating System
fortinet  fortios     *        -       Operating System

Affected Configurations

Operator: OR

Vulnerable  CPE
Yes         cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable  CPE
Yes         cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable  CPE
Yes         cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*