CVE-2025-54821

low Fortinet
CVSS v3 Base Score
1.8
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
EPSS Score
0.1%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: November 18, 2025 (233 days ago)
Last Modified: June 23, 2026
Vendor: Fortinet
Source: MITRE

Description

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

CWE

CWE-269

Affected Products

Fortinet FortiPAMFortinet FortiSASEFortinet FortiOS

References