6
CVE-2025-54821
- EPSS 0.14%
- Veröffentlicht 18.11.2025 17:01:22
- Zuletzt bearbeitet 23.06.2026 13:16:38
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.033 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
| psirt@fortinet.com | 1.9 | 0.5 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://fortiguard.fortinet.com/psirt/FG-IR-25-545
https://cert-portal.siemens.com/productcert/html/ssa-864900.html