CVE-2025-54821
lowCVSS v3 Base Score
1.8
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
EPSS Score
0.1%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: November 18, 2025 (233 days ago)
Last Modified: June 23, 2026
Vendor: Fortinet
Source: MITRE
Vulnerability Report
Generated by CyberWatcher
Description
An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.
CWE
CWE-269Affected Products
Fortinet FortiPAMFortinet FortiSASEFortinet FortiOS