An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fortinet
  • Fortios
  • Fortipam

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiPAM version 1.7.0 or above Upgrade to FortiPAM version 1.6.1 or above Upgrade to FortiProxy version 7.6.4 or above Upgrade to FortiOS version 7.6.4 or above Fortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action.

Workaround

No workaround given by the vendor.

References
Link Providers
https://fortiguard.fortinet.com/psirt/FG-IR-25-545 cve-icon cve-icon
History

Tue, 18 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Description An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.
First Time appeared Fortinet
Fortinet fortios
Fortinet fortipam
Weaknesses CWE-269
CPEs cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortios
Fortinet fortipam
References
Metrics cvssV3_1

{'score': 1.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-11-18T17:01:22.231Z

Reserved: 2025-07-30T08:31:12.197Z

Link: CVE-2025-54821

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-11-18T17:16:03.490

Modified: 2025-11-18T17:16:03.490

Link: CVE-2025-54821

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.