CVE-2025-54821

Severity: 6.0 MEDIUM
EPSS: 0.0% (top 94.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18

Description

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 a

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
Exploitability: 0.5 | Impact: 1.4

Affected Packages (6 packages)

NVD | fortinet/fortipam | 1.0.0 | 1.6.1
CVEListV5 | fortinet/fortipam | 1.5.0 | 1.5.1 | +6
NVD | fortinet/fortios | 6.4.0 | 7.6.4
CVEListV5 | fortinet/fortios | 7.6.0 | 7.6.3 | +4
NVD | fortinet/fortiproxy | 7.0.0 | 7.6.4

🔴 Vulnerability Details (2)

CVEList: CVE-2025-54821: An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7 (2025-11-18)
GHSA: GHSA-hg7x-vp9f-fjh2: An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7 (2025-11-18)

📋 Vendor Advisories (1)

Fortinet: Trusted hosts bypass via SSH (2025-11-18)