CVE-2025-54821

medium

Description

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-545

Details

Source: Mitre, NVD

Published: 2025-11-18

Updated: 2025-11-20

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N