Low severity1.9NVD Advisory· Published Nov 18, 2025· Updated Jun 9, 2026
CVE-2025-54821
CVE-2025-54821
Description
An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*range: >=7.0.0,<7.6.4
- cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: >=6.4.0,<7.6.4
- cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*range: >=1.0.0,<1.6.1
- cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*range: 1.6.0
- (no CPE)range: 1.6.0, 1.5 all versions, 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.