CVE Catalog

CVE-2025-54821

LowCVSS 1.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile — higher than 3% of all known CVEs

Summary

An Improper Privilege Management vulnerability in Fortinet FortiOS and FortiPAM allows an authenticated administrator to bypass the trusted host policy via crafted CLI command.

Risk Assessment

This vulnerability may lead to unauthorized access to the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update to the latest version of FortiOS and FortiPAM to mitigate this vulnerability and review the privilege management policy.

Original NVD description (English source)

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS