CVE-2025-54821

Summary

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPAM1.6.0affected
FortinetFortiPAM1.5.0 <= 1.5.1affected
FortinetFortiPAM1.4.0 <= 1.4.3affected
FortinetFortiPAM1.3.0 <= 1.3.1affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiSASE25.2.91affected
FortinetFortiOS7.6.0 <= 7.6.3affected
FortinetFortiOS7.4.0 <= 7.4.11affected
FortinetFortiOS7.2.0 <= 7.2.13affected
FortinetFortiOS7.0.0 <= 7.0.19affected
FortinetFortiOS6.4.0 <= 6.4.16affected

Weaknesses

  • CWE-269: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References