CVE-2025-54821_CVE-2025-54821

1.8 / 10

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Description

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

Basic Information

ID CVE-2025-54821

Source fortinet

Published Nov 18, 2025 at 17:01

Modified Nov 18, 2025 at 20:04

Affected Product

Vendor Fortinet

Product FortiProxy

Version 7.6.0

Affected Versions Fortinet FortiProxy 7.6.0
Fortinet FortiProxy 7.4.0
Fortinet FortiProxy 7.2.0
Fortinet FortiProxy 7.0.0
Fortinet FortiOS 7.6.0
Fortinet FortiOS 7.4.0
Fortinet FortiOS 7.2.0
Fortinet FortiOS 7.0.0
Fortinet FortiOS 6.4.0
Fortinet FortiPAM 1.6.0
Fortinet FortiPAM 1.5.0
Fortinet FortiPAM 1.4.0
Fortinet FortiPAM 1.3.0
Fortinet FortiPAM 1.2.0
Fortinet FortiPAM 1.1.0
Fortinet FortiPAM 1.0.0

CWE Classification

CWE-269

References

fortiguard.fortinet.com /psirt/FG-IR-25-545

{
    "lastseen": "",
    "description": "An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.",
    "published": "2025-11-18T17:01:22.231Z",
    "modified": "2025-11-18T20:04:58.245Z",
    "type": "cve",
    "title": "CVE-2025-54821",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-545",
    "id": "CVE-2025-54821",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiProxy 7.6.0\nFortinet FortiProxy 7.4.0\nFortinet FortiProxy 7.2.0\nFortinet FortiProxy 7.0.0\nFortinet FortiOS 7.6.0\nFortinet FortiOS 7.4.0\nFortinet FortiOS 7.2.0\nFortinet FortiOS 7.0.0\nFortinet FortiOS 6.4.0\nFortinet FortiPAM 1.6.0\nFortinet FortiPAM 1.5.0\nFortinet FortiPAM 1.4.0\nFortinet FortiPAM 1.3.0\nFortinet FortiPAM 1.2.0\nFortinet FortiPAM 1.1.0\nFortinet FortiPAM 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 1.8,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiProxy",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}