CVE-2025-54821

CVE Database · CVE-2025-54821

CVE-2025-54821

· LOWModified

CVSS v3.1

1.9

EPSS

0.14%

Published

Nov 18, 2025

Modified

Jan 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-269

Affected Products (3)

fortinet · fortiproxy (up to 7.6.4)vulnerable

fortinet · fortipam (up to 1.6.1)vulnerable

fortinet · fortios (up to 7.6.4)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-545

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs