Overview
CVE-2025-54821 is a reported Improper Privilege Management vulnerability affecting multiple Fortinet products, including FortiOS, FortiPAM, and FortiProxy. This vulnerability allows an authenticated administrator to potentially bypass the trusted host policy through the use of a crafted Command Line Interface (CLI) command.
Technical Details
The vulnerability, classified as CWE-269 (Improper Privilege Management), stems from insufficient validation and sanitization of user-supplied input when processing CLI commands. An attacker, already authenticated as an administrator, can exploit this weakness by crafting a specific CLI command that circumvents the intended security restrictions enforced by the trusted host policy. This policy is designed to restrict administrative access to specific, authorized hosts.
Affected Products and Versions:
- FortiOS 7.6.0 through 7.6.3
- FortiOS 7.4 all versions
- FortiOS 7.2 all versions
- FortiOS 7.0 all versions
- FortiOS 6.4 all versions
- FortiPAM 1.6.0
- FortiPAM 1.5 all versions
- FortiPAM 1.4 all versions
- FortiPAM 1.3 all versions
- FortiPAM 1.2 all versions
- FortiPAM 1.1 all versions
- FortiPAM 1.0 all versions
- FortiProxy 7.6.0 through 7.6.3
- FortiProxy 7.4 all versions
- FortiProxy 7.2 all versions
- FortiProxy 7.0 all versions
CVSS Analysis
The National Vulnerability Database (NVD) has assigned CVE-2025-54821 a CVSS v3.1 score of 1.9 (LOW).
CVSS Vector: [Provide the complete CVSS vector string if available – e.g., AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N]
A low CVSS score indicates that the vulnerability has a relatively limited impact and/or requires specific conditions to be exploited. In this case, exploitation requires an already authenticated administrator, and the impact is limited to bypassing the trusted host policy (partial compromise of integrity).
Possible Impact
While the CVSS score is low, successfully exploiting this vulnerability could allow a malicious administrator, or a compromised administrator account, to perform actions outside of the intended scope defined by the trusted host policy. This could lead to unauthorized access, modification of configurations, or potentially further exploitation of the system depending on the specific privileges associated with the administrator account and the functionalities exposed through the CLI.
Although the impact is restricted to bypassing the trusted host policy, in a complex environment, the vulnerability can be chained to other vulnerabilities for more significant damage.
Mitigation and Patch Steps
The primary mitigation is to apply the security patch provided by Fortinet. Fortinet has released fixes addressing this vulnerability. Users are strongly advised to upgrade to a patched version of FortiOS, FortiPAM or FortiProxy as soon as possible.
Recommendations:
- Upgrade to the latest patched version of FortiOS, FortiPAM, and FortiProxy.
- Review administrator access controls and ensure the principle of least privilege is enforced.
- Monitor logs for any suspicious CLI commands or activity.
